Senior Cybersecurity Analyst (ForgeRock)

Information security is foundational to Visas culture and critical to our leadership in electronic payments. This role sits within Cybersecuritys Global BusinesstoBusiness Identity & Access Management (B2B IAM) team which secures access to Visas business portals and associated services worldwide. You will design implement and operate IAM solutionsprimarily on ForgeRockaligned to an evolving threat landscape regulatory obligations and enterprise architecture. You will partner closely with Operations Database and Middleware Engineering to meet or exceed SLA and availability targets while supporting compliance with GDPR PCI DSS and ISO/IEC 27001.

Essential Functions

         Support SSO integrations on ForgeRock Access Management (AM): apply standard configs run integration tests and triage issues under guidance.

         Assist in setting up and maintaining federation using SAML 2.0 OpenID Connect and OAuth 2.0 (manage metadata certificates/keys and basic troubleshooting with logs).

         Contribute to authorization policy updates and help build adaptive authentication trees/journeys in ForgeRock AM using approved patterns and templates.

         Participate in AM environment operations: follow runbooks to apply configuration changes perform basic hardening/tuning in nonproduction execute supervised changes in production.

         Help validate and tune session management configurations across regions in test raise risks and anomalies promptly.

         Assist with ForgeRock Directory Services (DS): routine health checks replication status verification user/directory sync jobs and backups following SOPs.

         Maintain LDAP settings (password policies ACIs) and write simple automation scripts (Shell/Python) for repetitive tasks.

         Execute performance and load test plans created by senior engineers collect results and highlight bottlenecks.

         Deploy and manage ForgeRock web/app server agents via standard procedures across IIS Apache HTTP Server NGINX Apache Tomcat and JBoss Web Server (JWS)initially in test then production with oversight.

         Implement and support MultiFactor Authentication (MFA) rollouts monitor success/error rates and assist with troubleshooting.

         Provide L2 operational support on rotation document KB articles and knownerror records and escalate appropriately.

         Produce clear documentation (change records runbooks build/ops notes) and keep them current.

         Collaborate effectively with globally distributed teams and participate in change/release cadences make timely wellinformed recommendations and escalate urgent issues.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Qualifications :

Basic Qualifications
5 years of relevant work experience with a Bachelors Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters MBA JD MD) or 0 years of work experience with a PhD OR 8 years of relevant work experience.
Familiarity with Web/application servers: Apache HTTP Server Microsoft IIS Apache Tomcat exposure to NGINX or JWS is a plus.
LDAP concepts and basic directory administration tasks.
Linux fundamentals and basic Windows Server administration.
Monitoring/logging tools (e.g. Splunk or Elastic/Kibana Grafana/Prometheus) for dashboards and alerts.
Understanding of SSO/federation standards (SAML 2.0 OpenID Connect OAuth 2.0) and MFA concepts.
Working knowledge of software development practices: Git pull requests basic scripting (Shell/Python) and issue/change tracking in Jira (or similar).
Strong collaboration and communication skills with globally distributed teams organized detail oriented and eager to learn.
Awareness of release/change management and safe deployment patterns (e.g. peer reviews maintenance windows rollback plans).

Preferred Qualifications
5 years of relevant work experience with a Bachelors Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters MBA JD MD) or 0 years of work experience with a PhD OR 8 years of relevant work experience.
Hands on academic/internship experience integrating SSO or configuring IAM platforms (ForgeRock AM/DS preferred).
Exposure to API auth concepts (OAuth 2.0 flows JWT) and mTLS basics.
Familiarity with web/security architecture fundamentals (TLS reverse proxies load balancers WAF concepts).
Basic CI/CD and infrastructure as code exposure (e.g. Jenkins/GitHub Actions/GitLab CI Terraform) and automated config promotion between environments.
Experience writing small automations (Shell/Python/Groovy) to reduce toil interest in using analytics/ML to automate repetitive IAM tasks.
Awareness of incident/change/problem management processes and how they apply to IAM operations.
Understanding of why GDPR PCI DSS and ISO/IEC 27001 matter for access controls logging and data handling.

Additional Information :

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race color religion sex national origin sexual orientation gender identity disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Remote Work :

No

Employment Type :

Full-time