
Posted: Monday, February 5, 2018 11:36 AM

Join a growing, fast-paced and high-performance Attack Surface Management team. Information security is an integral part of Visa's corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, and it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Information security has a significant effect on privacy, consumer confidence, external reputation, and/or the bottom line, and it is a priority on everyone's agenda.
The successful candidate will work in the Attack Surface Management team. Organizations often see security as collections of identified vulnerabilities in silos. This isolated perspective misses the proverbial big picture--the "attack surface". This role requires the ability to be forward thinking and assist with developing unique solutions that are at the forefront of technology; the Attack Surface Management Team at Visa is a leader in the space, not a follower. The primary focus of this role is to assist with the identification and notification of vendor patches. This will be accomplished by tracking internal and external vulnerabilities, and then applying the appropriate risk-ratings to prioritize remediation to ensure Visa is appropriately protected. This role will be expected to work with various teams and their managers, supervisors and/or professional staff and may lead project teams to achieve milestones or objectives, coordinate with IT Ops & Eng. and engage business personnel to ensure remediation solutions are identified, tested and made available to all groups responsible for vulnerability remediation to ensure PCI-DSS attestation. A successful candidate should be expected to be a proactive worker and generate security solutions that enhance the business they support. You must be able to take your experience and knowledge of security to the next level and work with a world class team to deliver on the Attack Surface Management goal of developing the complete perspective for operational and management visibility of Visa's overall Attack Surface. Are you up for the challenge?
* Under the direction of the Director of the Attack Surface Recon team, implement the enterprise-wide strategy for the Attack Surface Management Program, with established key initiatives/projects focused on the reduction of technology risk within Visa.
* Operate as a Subject Matter Expert for Vendor Patch Management
* Assist in the development of solutions and solving complex/unique problems w/ regard to Visa's Attack Surface
* Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Attack Surface Management functional strategy.
* Work with IT and business teams to develop solutions that address root causes.
* Utilize existing vulnerability management, security configuration management, and web application scanning tools and processes to extend coverage, increase effectiveness and expand capabilities.
* Work with diverse IT and business teams to assist in developing solutions to remediate identified vulnerabilities and misconfigurations in a risk prioritized, effective and efficient fashion.
* Provide support to Audit, Legal, Human Resources, Corporate Security and Executives.
* Possess the ability to effectively identify, evaluate and communicate new and ongoing security threats.
* Bachelor's Degree in Information Assurance and Security (or related field) or equivalent work experience
* 2-4 years of experience in Information Security with experience in vulnerability management, security configurations management, or other security scanning.
* Possess strong technical security skills and comprehension of security and risk
* Ability to work on complex projects and with diverse teams
* Familiar with Vulnerability Management tools such as Qualys QualysGuard, nCircle IP360, McAfee Foundstone, Tenable Nessus, etc.
* Familiar with Policy Compliance tools such as Qualys QualysGuard, Symantec CCS, Microsoft SCM, etc.
* Familiar with Security Single Pane of Glass implementations or frameworks such as RSA Archer, Modulo, Risk I/O, etc.
* Knowledge of PCI-DSS compliance standards and guidelines
* Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations.
* Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., routers, firewalls, web proxies and intrusion prevention, etc.).
* Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.).
* Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.
* Strong technical understanding and experience assessing threats to and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off the shelf applications, etc.
* Must be both a self-starter and team player with the ability to work independently with limited supervision.
* Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
* Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
* Security-related certifications a plus (CRISC, CISSP, CISM, etc.)
All your information will be kept confidential according to EEO guidelines.


• Location: Northern Virginia

• Post ID: 45466297