Senior Cybersecurity Engineer

At Visa your work has global impact. Youll be part of a collaborative team shaping the future of secure digital commerce. We offer:

• A culture of innovation and inclusion

• Access to cutting-edge technology

• Opportunities for career growth

• A chance to help billions move money securely

Position Summary

We are seeking a Cybersecurity Software Engineer to join our Center of Excellence within the Cybersecurity & Risk team. This role will lead strategic initiatives in application security vulnerability remediation and compliance exception handling. Youll collaborate across engineering infrastructure and product teams to drive secure development practices and ensure alignment with Visas global security standards.

Key Responsibilities

Security Compliance & Shift-Left Execution

• Ensure timely closure of security findings within Required Remediation Dates (RRD)

• Manage exception workflows aligned with internal governance and external standards (e.g. PCI DSS V4)

• Identify compliance gaps and drive shift-left strategies to reduce recurring issues

• Partner with Cybersecurity SMEs and development teams to validate remediation plans and escalate overdue items

• Support automation and tooling enhancements for compliance tracking and reporting

IAM Control Enforcement

• Coordinate enforcement of IAM controls (e.g. unapproved access rogue violations password rotation SSH key hygiene)

• Track unresolved findings and collaborate with platform teams to resolve blockers

• Ensure consistent application of IAM standards across CMS and other Technology Leadership Teams (TLTs)

Security Exception Management

• Oversee the lifecycle of exception requests across platforms and services

• Validate remediation plans and monitor expiration timelines

Vulnerability Remediation

• Lead resolution of high-priority findings (e.g. insecure configurations deprecated protocols exposed secrets)

• Coordinate with tooling teams to purge sensitive data and close findings

Security Testing Automation

• Drive automation of Dynamic Application Security Testing (DAST) using tools like Burp Suite Enterprise

• Integrate security scanning into CI/CD pipelines for scalable deployments

Developer Enablement

• Organize workshops and forums on container security IAM secure architecture and security best practices

• Promote adoption of developer-friendly security tools for code hygiene and reachability analysis

Cross-Functional Leadership

• Act as a central point of contact for technical debt resolution and exception tracking

• Ensure continuity through backup coverage and support during team transitions

Exception & UAR Management

• Monitor exception volumes and identify opportunities to shift-left.

• Manage User Access Revalidation (UAR) completion within TLT.

TLT Forum Engagement

• Represent CMS in TLT Cybersecurity SME forums and IAM / TLT Bi-weekly meetings.

Dashboard & Tooling Oversight

• Validate data in Cyber Security dashboards and ensure CMS metrics are accurately reflected.

• Advocate for necessary improvements to reduce false positives and improve remediation accuracy.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Visa is not offering relocation assistance for this role.

Qualifications :

Basic Qualifications:
5 years of relevant work experience with a Bachelors Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters MBA JD MD) or 0 years of work experience with a PhD OR 8 years of relevant work experience.
5 years in application software security and vulnerability management or technical program management
Strong understanding of SSDLC containerization and cloud-native security practices
Proven ability to lead cross-functional teams and manage complex remediation timelines
Proficiency in Java/J2EE Spring JavaScript Angular NodeJS MySQL REST APIs
Excellent communication and stakeholder engagement skills
Self-starter with a drive to raise the technical bar and deliver results
Provides direction for selecting appropriate engineering techniques to solve non-functional requirements at the project level.
Ability to multitask and handle multiple competing priorities. Should possess excellent planning and organizational skills.

Preferred Qualifications:
Experience organizing technical workshops or training sessions
Familiarity with compliance frameworks and audit readiness
Background in exception handling workflows and enterprise security platforms
Hands-on experience with GitHub CI/CD pipelines and security tools (e.g. Sonatype Nexus-IQ Burp Suite)

Additional Information :

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk communicate in person and by telephone frequently operate standard office equipment such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race color religion sex national origin sexual orientation gender identity disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law including the requirements of Article 49 of the San Francisco Police Code.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 145300.00 to 210850.00 USD per year which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge skills experience and addition this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical Dental Vision 401 (k) FSA/HSA Life Insurance Paid Time Off and Wellness Program.

Visa is not offering relocation assistance for this role.

Remote Work :

No

Employment Type :

Full-time