Cybersecurity Engineer - Firewall Lockdown

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

The Firewall Lockdown team's core function is to ensure firewall rule compliance with current VISA policies, specifically Key Controls and Technical Security Requirements. We validate firewall rules to address high-risk network communications for Visa applications and processes, ensuring the firewall rules in our network environment remains non-risky / compliant with evolving network and zoning requirements.

A primary focus is the remediate & cleaning up and hardening of the existing firewall rules through the removal of expired rules. The team proactively identifies rules violating Visa Technical Security Requirements and inconsistent with Visa's least privilege access model. We conduct thorough traffic reviews for each violating rule and engage affected ATCs via multiple email communications. ATCs are then expected to either extend the rule's expiration, reject it, or disable it.

The firewall lockdown project has successfully transitioned into a BAU process, continuously addressing non-compliant rules. By comparing firewall rules against TSR, we actively manage legacy communications that may no longer meet current policy standards, ultimately fortifying Visa's network security posture.

Essential Functions:

• Drive core responsibilities including, but not limited to, in-depth rule auditing, zero-hit rule cleanup, management of expiring rules, identification and mitigation of high-risk rules, resolution of non-compliant rules, and the precise remediation and modification of firewall rules, strictly adhering to established change management protocols.

• Execute systematic and ad-hoc reviews of firewall rulesets, with a primary focus on Checkpoint and Palo Alto platforms, to ensure stringent adherence to established security policies, industry best practices, and regulatory compliance mandates.

• Lead comprehensive firewall rule audits, proactively identifying and addressing redundant, obsolete, or overly permissive rules, and formulating actionable remediation strategies.

• Develop and meticulously maintain comprehensive documentation for all firewall rules, encompassing their stated purpose, designated owner, and defined expiration dates. This includes fostering effective communication and collaboration with application owners to ensure alignment and accuracy.

• Collaborate strategically with internal security and assurance teams to thoroughly comprehend compliance requirements, translating these into secure, optimized, and efficient firewall rule configurations.

• Monitor and analyze firewall logs and security alerts to detect suspicious activities, policy violations, and potential security incidents, leveraging a strong understanding of security monitoring principles.

• Provide expert guidance and support on firewall security best practices, robust vulnerability management strategies, and effective threat mitigation techniques.

• Possession of demonstrable experience in troubleshooting network connectivity issues directly related to firewall rules, including those involving load balancers and other critical network infrastructure components, is a distinct advantage.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Basic Qualifications:
• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience. Masters graduates must have 2+ years of relevant work experience to qualify

Preferred Qualifications:
• 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Advanced proficiency with two of Checkpoint Firewall-1, Palo Alto firewall technologies
• Ability to manage Provider-1 and/or Panorama management and logging systems
• Strong understanding of networks, security technologies, and systems technologies
• Proven ability to troubleshoot problems systematically in complex systems and network environments
• Customer focused mindset, excellent communication, interpersonal, and collaboration skills
• Experience with on and off premise DDOS solutions
• Experience with monitoring, tuning, and alerting
• Experience with server platforms, virtualization, containers, and cloud technologies
• Operational knowledge of systems, databases and network security engineering best practices
• ITIL certification preferred. Familiar with ITIL concepts such as Incident, Change, and Problem Management
• Experience with policy orchestration, compliance and automation tools (e.g. Tufin, Skybox)
• Preferred certifications include: Check Point Administrator (CCSA), Check Point Engineer (CCSE), Cisco Certified Network Associate (CCNA), Palo Alto Networks Certified Network Security Engineer (PCNSE)

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.