Perimeter Security Information Security Senior Analyst

Company: Visa
Location: Ashburn, VA
Description: The successful candidate will work in the Attack Surface Management program responsible for protecting and improving Visa’s enterprise perimeter security posture. The senior information security analyst will identify, develop, and execute perimeter security initiatives. The team is responsible for vulnerability management, web application security, managing third-party security engagements, governance of the overall perimeter security controls state, and introduction of new perimeter-based security technologies where warranted.
  • Key individual contributor role with accountability for researching, measuring, preventing, detecting, and remediating security vulnerabilities at the infrastructure and application layers
  • Perform web application security testing to identify vulnerabilities and security risks to web applications and backend databases and collaborate with diverse IT and business teams to assist in the remediation efforts in a risk prioritized, effective, and efficient fashion.
  • Collaborate closely with the Security Operations Center, Network Operations Center, application support, and other operations teams to ensure appropriate response to security findings
  • Conduct risk analyses and identify perimeter information security exposures; work with the business and subject matter experts to shore up and resolve these issues. Conduct research on emerging issues and identified gaps in existing perimeter security controls
  • Provide metrics and supporting data used to derive the overall perimeter security state
  • Examine and recommend introduction of new perimeter-based security technologies where warranted
  • Conduct continuous security analysis on network, application, and infrastructure components; conduct causal analysis and work across IT and business teams to develop solutions that address root causes.
  • Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero-day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, etc.) in order to proactively assess and investigate emerging threats and potential impact to Visa.
  • Function as a subject matter expert during security incidents. Interact with and assist investigative teams within Visa on time-sensitive, critical investigations.
  • This position will require after-hours and weekend work, as necessitated by change control windows and security incidents.
  • Bachelor’s Degree in Computer Science (or related field) or equivalent work experience
  • 5 to 10 years of experience in Information Security: experience with vulnerability management or performing penetration tests a plus
  • Experience working with perimeter technologies (routers, firewalls, web proxies, intrusion prevention, etc.) and vulnerability management tools (vulnerability scanners).
  • Knowledge of Web Applications and Technologies: understanding of application programming languages, application servers, web services, browser technology, common vulnerabilities, security best practices, automated assessment tools, and manual testing techniques specific to web applications.
  • Networking/Network Engineering/Network Administration: understanding and experience in a broad range of networking concepts, technologies, architectures, and security concerns specific to networking
  • Experience with application security testing tools such as IBM AppScan, HP WebInspect, Veracode, WhiteHat Sentinel, and BurpSuite.
  • Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.
  • The proven ability to influence and communicate effectively: excellent written and verbal communications skills, including an ability to communicate very technical findings to both technical and non-technical audiences, including project managers, systems engineers, developers, enterprise architects, and senior management.
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments. Knowledge and experience with physical and virtual server configurations and implementations.
  • Scripting/programming skills and familiarity with ethical hacking beneficial
  • Security-related certifications (CISSP, OSCP, GWAPT, etc.) a plus
  • Must be both a self-starter and team player with the ability to work independently with limited supervision
  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
Citizenship: No Requirement
Clearance Required: No