• Monitors SIEM alerts
• Manages and configures security monitoring tools
• Prioritizes alerts or issues and performs triage to confirm a real security incident is taking place

• Receives incidents and performs deep analysis
• Correlates with threat intelligence to identify the threat actor, nature of the attack and systems or data affected
• Decides on strategy for containment, remediation and recovery and acts on it

• Day-to-day, conducts vulnerability assessments and penetration tests, and reviews alerts, industry news, threat intelligence and security data.
• Actively hunts for threats that have found their way into the network, as well as unknown vulnerabilities and security gaps. When a major incident occurs, joins the Tier 2 Analyst in responding and containing it.

• System administration skills
• Web programming languages, scripting languages
• Security certifications such as CISSP, CEH

• Identify unknown threats through threat hunting services
• Conduct data breach and security incident investigations
• Recover and examine data from computers and electronic storage devices
• Dismantle and rebuild damaged systems to retrieve lost data

• Identify additional systems/networks compromised by cyber attacks
• Compile evidence for legal cases
• Draft technical reports, write declarations and prepare evidence for trial
• Give expert counsel to attorneys about electronic evidence in a case
• Advise law enforcement on the credibility of acquired data
• Support the investigation and contribution to large and small scale computer security breaches
• Through review and analysis of cyber threats, provide both internal & external parties key information to respond to threat.

• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
• Work with law enforcement and business partnerships internationally to investigate cyber crime and threat actors.
• Collaborate with Business Partners in Risk & Fraud on cases, providing technical investigative capabilities.
• Interact and assist other investigative teams within Visa on time sensitive, critical investigations.
• Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents.

• Operating systems (Windows/Unix)
• Programming skills
• Network skills, including TCP/IP-based network communications
• Computer hardware and software systems

• Computer hardware and software systems
• Operating system installation, patching and configuration
• Backup and archiving technologies
• Cryptography principles
• eDiscovery tools
• Forensic software applications
• Cloud computing

• Big data analytics skills
• Strong knowledge of malware families and network attack vectors.
• Strong knowledge of Linux, Windows system internals.
• Strong knowledge of web applications and APIs

• Perform formal penetration tests on web-based applications, networks and computer systems
• Conduct physical security assessments of servers, systems and network devices
• Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws

• Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
• Research, document and discuss security findings with management and IT teams
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
• Provide feedback and verification as an organization fixes security issues

• Design and create new penetration tools and tests
• Review and define requirements for information security solutions
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

• Operating systems (Windows/Unix)
• Programming skills
• Network servers and networking tools
• Computer hardware and software systems
• Web-based applications
• Cryptography principles

• Vulnerability analysis and reverse engineering
• Security frameworks
• Security tools and products
• Metasploit framework
• Forensics tools

• Ability to perform and coordinate system wide assessments
• Reporting issues in management language
• Certifications, such as OSCP, etc.

• Maintain data and monitor security access
• Perform vulnerability testing, risk analyses and security assessments
• Manage network, intrusion detection and prevention systems

• Deliver technical reports and formal papers on test findings
• Maintain and operate cybersecurity technology and and provide expertise in area of focus
• Provide awareness and guidance within Company's community on secure business processes, architecture design, and technical controls
• Monitor and report on the effectiveness of information security controls and compliance with information security policies.
• Develop automation scripts to handle and track incidents
• Analyze security breaches to determine their root cause
• Supervise changes in software, hardware, facilities, telecommunications and user needs

• Create new ways to solve existing production security issues
• Collaborate with colleagues on authentication, authorization and encryption solutions
• Evaluate new technologies and processes that enhance security capabilities
• Test security solutions using industry standard analysis criteria
• Respond to information security issues during each stage of a project’s lifecycle
• Train fellow employees in security awareness and procedures
• Analyze and advise on new security technologies and program conformance
• Configure and install firewalls and intrusion detection systems

• Operating systems (Windows/Unix)
• Programming skills
• Network skills, including TCP/IP-based network communications
• Computer hardware and software systems

• DLP, anti-virus and anti-malware
• TCP/IP, computer networking, routing and switching
• Windows, UNIX and Linux operating systems
• Network protocols and packet analysis tools
• C, C++, C#, Java or PHP programming languages
• Cloud computing

• Understanding of rules and regulations pertaining to IT Security and Data Protection
• ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge

• Implement, maintain, and oversee an effective technology risk oversight framework. Leverage knowledge of the industry, technologies, and product types to ensure effective management of risk
• Actively identify, assess, respond and escalate risks. Identify gaps and inform solutions identified resulting from inadequate internal processes, systems or human errors
• Participate in presentations and workshop sessions on Cybersecurity risk management activities, process analysis, risk identification, assessment, control, and mitigation

• Conduct internal and external security audits
• Serve as a liaison, collaborating and interfacing with risk partners and other second-line enterprise risk management functions to drive meaningful technology-risk reductions and escalation of risks, as needed.
• Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment. Design, implement, and/or influence internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).

• Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes. Where required by internal policies or external agencies, develop documentation of reports. This also includes developing, contributing to, and monitoring metrics and reporting (e.g., management reporting, internal reporting, etc.).
• Directly confer with business unit management and staff by scoping business problems, analyzing processes, risk exposure and sharing lessons learned. Identify problem drivers
• Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).

• Knowledge of IT Security hardware, software and solutions
• Understanding of rules and regulations pertaining to IT Security and Data Protection
• ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge
• Experience using computer operating systems such as MS Windows, UNIX/Linux

• Database platforms
• Data analysis software
• Network penetration and testing tools
• Hardware and software firewalls and intrusion detection protocols

• Ability to perform and coordinate company wide audits
• Reporting issues in management language
• Relevant certifications

• Participates in the implementation and design of Cloud environments within his or her organization
• Collaborates with application developers and administrators for Cloud environments to deliver solutions that meet business and security requirementss
• Employs cloud-based APIs when suitable to write network/system level tools for safeguarding Cloud environments
• Stay abreast of emerging security threats, vulnerabilities and controls focused but not restricted to Cloud

• In addition: directs and influences multi-disciplinary teams in implementing and operating security controls in the Cloud
• Provides subject matter expertise on information security architecture and systems engineering to other IT and business teams

• In addition: provides efforts that shape the organization’s security policies and standards for use in cloud environments
• Interprets security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers

• Familiarity with Cloud provider ecosystems like Amazon AWS, Google Cloud Platform and Microsoft Azure
• Practical knowledge of AWS, Google and Azure foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
• Basic knowledge of micro services programming (AWS Lambda, Docker, etc.)
• Basic knowledge of Cloud security frameworks like CSA (Cloud Security Alliance) and NIST 800-210
• Holds entry-level vendor provided Cloud security certifications

• In addition: DevOps know-how building and deploying infrastructure with cloud deployment, build and test automation technologies like Ansible, Chef, Puppet, Docker, Jenkins, etc.
• Experience architecting, designing, and programming applications and ample experience in high level programming languages such as C++, C#, Java, Python, Visual Basic
• Familiarity using Cloud vendor’s security solutions such as EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route 53, etc.
• Holds one or more Cloud security certifications like Cloud+ or CCSK

• Capability architecting highly available systems that utilize load balancing, horizontal scalability and high availability
• Understanding of complex enterprise environments and current technology in the Cloud
• Holds one or more advanced Cloud security certifications like GCSA or CCSP

• Serves as subject matter expert for guidance, direction, and oversight for company’s information security policies.
• Serves a project manager or project leader for information security projects
• Serves as the subject matter expert for providing technical expertise and support for security software.
• Manages and oversees the processes and outcomes for multiple interrelated security incidents, recoveries, breaches, intrusions, and system abuses. Ensures security incidents are resolved timely and appropriately.
• May lead and conducts multiple, complex and inter-dependent risk analyses of company’s information security architecture, focusing on threats and vulnerabilities affecting company’s hardware and software components, with the objective of proactively mitigating threats throughout our infrastructure.

Qualification required

• Must possess strong knowledge of business, information security and/or computer science
• CISSP &/or CISA 7/or other certifications are welcome

Typical experience in role 0-5 years

• Manage a diverse team of security administrators, analysts and IT professionals
• Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
• Create and execute strategies to improve the reliability and security of IT projects
• Define, implement and maintain corporate security policies and procedures
• Spearhead vulnerability audits, forensic investigations and mitigation procedures
• Respond immediately to security-related incidents and provide a thorough post-event analysis
• Institute organization-wide training in security awareness, protocols and procedures
• Assess, test and select new security products and technologies
• Prepare cost estimates and identify integration issues
• Administer department budgets and staff schedules

Qualification required

• Must possess strong knowledge of business, information security and/or computer science
• CISSP &/or CISA 7/or other certifications are welcome

Typical experience in role
5+ years

Typical experience in role
5-10 years

Typical experience in role
10+ years