Senior Cyber Security Engineer ( Web Application Security )

Visa, Ashburn VA, US

Everywhere you want to be

Duration: Full-Time

Candidate will develop, support, tune and deploy security solutions across Visa."¯"¯Primary day-today job duties involve - 

  • Web  Application Security: Engineering, deployment, and operations of security solutions, including Database Activity Monitoring and Web Application Firewalls, as well as integration of those platforms with other solutions as required. 

  • Security Software Development: Scripting and Development in Python,"¯"¯Shell scripting and development in other languages 


Web Application Security WAF Engineer: 

  • Engineers, configures, deploys, and maintains Web Application Firewall solutions 

  • Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements 

  • Develops advanced alerts/reports to meet the requirements of key stakeholders 

  • Develops scalable security management tools and processes 

  • Develops automation for security tools management and workflow integration 

  • Collaborates with key stakeholders within Cybersecurity and Engineering teams to develop specific use cases to address specific business needs 

  • Creates WAF rules to mitigate threats and implements best practices 

  • Develop new SIEM content   for Cybersecurity teams,  including correlations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms 


Basic Qualifications:

5 years of relevant work experience with a Bachelor's Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD

Experience with one or more of:  Akamai, AWS Cloudfront, Cloudflare CDN and other CDN solutions 

Experience with one or more of the following: imperva Web Application Firewall, F5 WAF, and CDN Firewall 

Preferred Qualifications:

Web Application Firewall Experience (Must have): 

Experience with one or more of the following: 

SecDevOps Experience: 

  • Expert Python Scripting, Perl, Shell scripting. Development experience in C++, Java, Java Script. 
  • Excellent experience with Regular Expressions 
  • SecDevOps experience in maintaining and enhancing infrastructure as code with CloudFormation, Terraform, Puppet, Jenkins or CodeDeploy 
  • Experience with using knowledge management and code repositories, including Github, Gitlab, Jira, and Confluence 
  • Experience with Lambda, API Gateway  

"¯Application Security: 

  • Knowledge of SSDLC processes 
  • Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools 
  • Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks."¯ 
  • Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms 
  • Experience with Web Application Firewall management and rules 
  • Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.) 
  • Excellent understanding of common network and web protocols 
  • Excellent understanding of DDoS techniques and mitigation mechanisms 

Cyber Defense and Incident Response: 

  • Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies 
  • Prior experience in Security Operations and Incident Response 
  • Excellent understanding of Cyber Security Operations, Incident Response processes 

Infrastructure management and support: 

  • System administration experience in a Windows and Unix environment 
  • Experience working in a large enterprise environment 
  • Experience integrating solutions in a multi-vendor environment 
  • Familiarity with Atlassian JIRA 


Visa has adopted a COVID-19 vaccination policy to safeguard the health and well-being of our employees and visitors. As a condition of employment, all employees based in the U.S. are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law.

Work Hours: Varies upon the needs of the department

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

About Visa

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network - enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of connected commerce on any device, and a driving force behind the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

Want to learn more about Visa? Visit Visa's website.