Sr. Cybersecurity Engineer, IAM

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Information security is an integral part of Visa’s corporate culture.  It is essential to maintaining our position as an industry leader in electronic payments, and it is the responsibility of each employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance.  Information security has a significant effect on privacy, consumer confidence, external reputation, and/or the bottom line, and it is a priority on everyone’s agenda

The successful incumbent will be part of Visa’s Business to Business Identity & Access Management team, which is part of the larger Cybersecurity organization. The B2B IAM team has a Global focus, and is responsive to an evolving threat landscape, regulatory compliance, IT security requirements and technology architecture. The B2B IAM team is responsible for secure access to business portals and associated services.

Essential Functions:

• Deep understanding of web applications integration for single sign on using ForgeRock

• Setting up federation agreements using SAML 2, OpenID and OAuth protocols

• Setting up authorization policies and configuring authentication chains in ForgeRock AM

• Installation and configuration of ForgeRock AM

• Deep understanding of session management across geographically distributed locations

• Installation and configuration of ForgeRock Directory Server (DS)

• Deep understanding of replication and user directory synchronization

• Good knowledge of OpenID connects and OAuth protocols.

• Setting up LDAP password policies and ACIs using custom scripts

• Building a performance lab and setting up scripts to load test the different access management functions

• Building scripts to monitor production traffic patterns and translate the numbers into scripts for performance lab

• Familiarity with all different flavors of web servers and app servers including IIS, Apache, MGINX, Apache Tomcat and Node.js

• Installation of configuration of ForgeRock agents on web servers and app servers

• Demonstrate ability to work in a complex organization to determine business and customer needs, providing the best solution to meet those needs

• You will work closely with Operations, database, and middleware engineering teams to maintain high system up time according to agreed SLA

• Operate with little supervision and oversight

• Able to collaborate effectively with teams spread across different time zones

• Serve as the Subject Matter Expert (SME) for the team, acting as the primary point of contact for cross-functional teams and various support groups within Technology’s global teams

• Take on decision-making responsibilities that directly and significantly impact the productivity of individual support teams and the users they support 

• Develop technical design and build documentation for all aspects of the technical infrastructure

• Proficiency in Multi-Factor Authentication and its various implementations

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Basic Qualifications:
•5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.

Preferred Qualifications:
•6 or more years of work experience with a Bachelors Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
oKnowledgeable and working experience with Http web servers, Apache, IIS, Tomcat, JWS,
oKnowledgeable and working experience with LDAP technologies
oKnowledgeable and working experience with Linux & Windows operating systems
oKnowledgeable and working experience with application system and performance monitoring software tools
•Experience in managing global enterprise-wide platform solutions
•Able to work with cross-functional teams from different geographic locations globally.
•Understand various development methodology, including waterfall and Agile/Scrum
•Proven track record of executing and driving result in a collaborative and thoughtful manner
•Excellent verbal and written communication skills
•Understands release managements and familiar with tools like Jira
•Familiarity with various industry audit/security standards including PCI-DSS, NIST and FFIEC
•Strong knowledge of web-based 3-tier application and security architecture. Good knowledge of overall network architecture including firewalls, load balancer and WAF
•Knowledge and working experience of API authentication and authorization
•Known for building and growing first class engineering team
•Understanding of incident, change, and problem management, as well as software release management processes
•Familiarity with Cloud-based Identity and Access Management (IAM) solutions

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 139,800.00 to 202,750.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.