Information security is foundational to Visa’s culture and critical to our leadership in electronic payments. This role sits within Cybersecurity’s Global Business‑to‑Business Identity & Access Management (B2B IAM) team, which secures access to Visa’s business portals and associated services worldwide. You will design, implement, and operate IAM solutions—primarily on ForgeRock—aligned to an evolving threat landscape, regulatory obligations, and enterprise architecture. You will partner closely with Operations, Database, and Middleware Engineering to meet or exceed SLA and availability targets while supporting compliance with GDPR, PCI DSS, and ISO/IEC 27001.
· Support SSO integrations on ForgeRock Access Management (AM): apply standard configs, run integration tests, and triage issues under guidance.
· Assist in setting up and maintaining federation using SAML 2.0, OpenID Connect, and OAuth 2.0 (manage metadata, certificates/keys, and basic troubleshooting with logs).
· Contribute to authorization policy updates and help build adaptive authentication trees/journeys in ForgeRock AM using approved patterns and templates.
· Participate in AM environment operations: follow runbooks to apply configuration changes, perform basic hardening/tuning in non‑production, execute supervised changes in production.
· Help validate and tune session management configurations across regions in test, raise risks and anomalies promptly.
· Assist with ForgeRock Directory Services (DS): routine health checks, replication status verification, user/directory sync jobs, and backups following SOPs.
· Maintain LDAP settings (password policies, ACIs) and write simple automation scripts (Shell/Python) for repetitive tasks.
· Execute performance and load test plans created by senior engineers, collect results and highlight bottlenecks.
· Deploy and manage ForgeRock web/app server agents via standard procedures across IIS, Apache HTTP Server, NGINX, Apache Tomcat, Node.js, and JBoss Web Server (JWS)—initially in test, then production with oversight.
· Implement and support Multi‑Factor Authentication (MFA) rollouts, monitor success/error rates and assist with troubleshooting.
· Provide L2 operational support on rotation, document KB articles and known‑error records, escalate appropriately.
· Produce clear documentation (change records, runbooks, build/ops notes) and keep them current.
· Collaborate effectively with globally distributed teams and participate in change/release cadences, make timely, well‑informed recommendations and escalate urgent issues.
• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience
• Familiarity with:
• Web/application servers: Apache HTTP Server, Microsoft IIS, Apache Tomcat, exposure to NGINX or JWS is a plus.
• LDAP concepts and basic directory administration tasks.
• Linux fundamentals and basic Windows Server administration.
• Monitoring/logging tools (e.g., Splunk or Elastic/Kibana, Grafana/Prometheus) for dashboards and alerts.
• Understanding of SSO/federation standards (SAML 2.0, OpenID Connect, OAuth 2.0) and MFA concepts.
• Working knowledge of software development practices: Git, pull requests, basic scripting (Shell/Python), and issue/change tracking in Jira (or similar).
• Strong collaboration and communication skills with globally distributed teams, organized, detail oriented, and eager to learn.
• Awareness of release/change management and safe deployment patterns (e.g., peer reviews, maintenance windows, rollback plans).
• 3 or more years of work experience with a Bachelor’s degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Hands on academic/internship experience integrating SSO or configuring IAM platforms (ForgeRock AM/DS preferred).
• Exposure to API auth concepts (OAuth 2.0 flows, JWT) and mTLS basics.
• Familiarity with web/security architecture fundamentals (TLS, reverse proxies, load balancers, WAF concepts).
• Basic CI/CD and infrastructure as code exposure (e.g., Jenkins/GitHub Actions/GitLab CI, Terraform) and automated config promotion between environments.
• Experience writing small automations (Shell/Python/Groovy) to reduce toil, interest in using analytics/ML to automate repetitive IAM tasks.
• Awareness of incident/change/problem management processes and how they apply to IAM operations.
• Understanding of why GDPR, PCI DSS, and ISO/IEC 27001 matter for access controls, logging, and data handling.
