Job Description
Company Description
Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.
Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.
Job Description
Information security is foundational to Visa’s culture and critical to our leadership in electronic payments. This role sits within Cybersecurity’s Global Business‑to‑Business Identity & Access Management (B2B IAM) team, which secures access to Visa’s business portals and associated services worldwide. You will design, implement, and operate IAM solutions—primarily on ForgeRock—aligned to an evolving threat landscape, regulatory obligations, and enterprise architecture. You will partner closely with Operations, Database, and Middleware Engineering to meet or exceed SLA and availability targets while supporting compliance with GDPR, PCI DSS, and ISO/IEC 27001.
Essential Functions
· Support SSO integrations on ForgeRock Access Management (AM): apply standard configs, run integration tests, and triage issues under guidance.
· Assist in setting up and maintaining federation using SAML 2.0, OpenID Connect, and OAuth 2.0 (manage metadata, certificates/keys, and basic troubleshooting with logs).
· Contribute to authorization policy updates and help build adaptive authentication trees/journeys in ForgeRock AM using approved patterns and templates.
· Participate in AM environment operations: follow runbooks to apply configuration changes, perform basic hardening/tuning in non‑production, execute supervised changes in production.
· Help validate and tune session management configurations across regions in test, raise risks and anomalies promptly.
· Assist with ForgeRock Directory Services (DS): routine health checks, replication status verification, user/directory sync jobs, and backups following SOPs.
· Maintain LDAP settings (password policies, ACIs) and write simple automation scripts (Shell/Python) for repetitive tasks.
· Execute performance and load test plans created by senior engineers, collect results and highlight bottlenecks.
· Deploy and manage ForgeRock web/app server agents via standard procedures across IIS, Apache HTTP Server, NGINX, Apache Tomcat, Node.js, and JBoss Web Server (JWS)—initially in test, then production with oversight.
· Implement and support Multi‑Factor Authentication (MFA) rollouts, monitor success/error rates and assist with troubleshooting.
· Provide L2 operational support on rotation, document KB articles and known‑error records, and escalate appropriately.
· Produce clear documentation (change records, runbooks, build/ops notes) and keep them current.
· Collaborate effectively with globally distributed teams and participate in change/release cadences, make timely, well‑informed recommendations and escalate urgent issues.
This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.
Qualifications
Basic Qualifications
• 5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.
• Familiarity with Web/application servers: Apache HTTP Server, Microsoft IIS, Apache Tomcat, exposure to NGINX or JWS is a plus.
• LDAP concepts and basic directory administration tasks.
• Linux fundamentals and basic Windows Server administration.
• Monitoring/logging tools (e.g., Splunk or Elastic/Kibana, Grafana/Prometheus) for dashboards and alerts.
• Understanding of SSO/federation standards (SAML 2.0, OpenID Connect, OAuth 2.0) and MFA concepts.
• Working knowledge of software development practices: Git, pull requests, basic scripting (Shell/Python), and issue/change tracking in Jira (or similar).
• Strong collaboration and communication skills with globally distributed teams, organized, detail oriented, and eager to learn.
• Awareness of release/change management and safe deployment patterns (e.g., peer reviews, maintenance windows, rollback plans).
Preferred Qualifications
• 5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.
• Hands on academic/internship experience integrating SSO or configuring IAM platforms (ForgeRock AM/DS preferred).
• Exposure to API auth concepts (OAuth 2.0 flows, JWT) and mTLS basics.
• Familiarity with web/security architecture fundamentals (TLS, reverse proxies, load balancers, WAF concepts).
• Basic CI/CD and infrastructure as code exposure (e.g., Jenkins/GitHub Actions/GitLab CI, Terraform) and automated config promotion between environments.
• Experience writing small automations (Shell/Python/Groovy) to reduce toil, interest in using analytics/ML to automate repetitive IAM tasks.
• Awareness of incident/change/problem management processes and how they apply to IAM operations.
• Understanding of why GDPR, PCI DSS, and ISO/IEC 27001 matter for access controls, logging, and data handling.
Additional Information
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
