Senior Cybersecurity Engineer

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose - to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

At Visa, your work has global impact. You'll be part of a collaborative team shaping the future of secure digital commerce. We offer:

• A culture of innovation and inclusion
• Access to cutting-edge technology
• Opportunities for career growth
• A chance to help billions move money securely

Position Summary

We are seeking a Cybersecurity Software Engineer to join our Center of Excellence within the Cybersecurity & Risk team. This role will lead strategic initiatives in application security, vulnerability remediation, and compliance exception handling. You'll collaborate across engineering, infrastructure, and product teams to drive secure development practices and ensure alignment with Visa's global security standards.

Key Responsibilities

Security Compliance & Shift-Left Execution

• Ensure timely closure of security findings within Required Remediation Dates (RRD)
• Manage exception workflows aligned with internal governance and external standards (e.g., PCI DSS V4)
• Identify compliance gaps and drive shift-left strategies to reduce recurring issues
• Partner with Cybersecurity SMEs and development teams to validate remediation plans and escalate overdue items
• Support automation and tooling enhancements for compliance tracking and reporting

IAM Control Enforcement

• Coordinate enforcement of IAM controls (e.g., unapproved access, rogue violations, password rotation, SSH key hygiene)
• Track unresolved findings and collaborate with platform teams to resolve blockers
• Ensure consistent application of IAM standards across CMS and other Technology Leadership Teams (TLTs)

Security Exception Management

• Oversee the lifecycle of exception requests across platforms and services
• Validate remediation plans and monitor expiration timelines

Vulnerability Remediation

• Lead resolution of high-priority findings (e.g., insecure configurations, deprecated protocols, exposed secrets)
• Coordinate with tooling teams to purge sensitive data and close findings

Security Testing Automation

• Drive automation of Dynamic Application Security Testing (DAST) using tools like Burp Suite Enterprise
• Integrate security scanning into CI/CD pipelines for scalable deployments

Developer Enablement

• Organize workshops and forums on container security, IAM, secure architecture, and security best practices
• Promote adoption of developer-friendly security tools for code hygiene and reachability analysis

Cross-Functional Leadership

• Act as a central point of contact for technical debt resolution and exception tracking
• Ensure continuity through backup coverage and support during team transitions

Exception & UAR Management

• Monitor exception volumes and identify opportunities to shift-left.
• Manage User Access Revalidation (UAR) completion within TLT.

TLT Forum Engagement

• Represent CMS in TLT Cybersecurity SME forums and IAM / TLT Bi-weekly meetings.

Dashboard & Tooling Oversight

• Validate data in Cyber Security dashboards and ensure CMS metrics are accurately reflected.
• Advocate for necessary improvements to reduce false positives and improve remediation accuracy.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Visa is not offering relocation assistance for this role.

Qualifications

Basic Qualifications:
5+ years of relevant work experience with a Bachelor's Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.
5+ years in application software security, and vulnerability management, or technical program management
Strong understanding of SSDLC, containerization, and cloud-native security practices
Proven ability to lead cross-functional teams and manage complex remediation timelines
Proficiency in Java/J2EE, Spring, JavaScript, Angular, NodeJS, MySQL, REST APIs
Excellent communication and stakeholder engagement skills
Self-starter with a drive to raise the technical bar and deliver results
Provides direction for selecting appropriate engineering techniques to solve non-functional requirements at the project level.
Ability to multitask and handle multiple competing priorities. Should possess excellent planning and organizational skills.

Preferred Qualifications:
Experience organizing technical workshops or training sessions
Familiarity with compliance frameworks and audit readiness
Background in exception handling workflows and enterprise security platforms
Hands-on experience with GitHub, CI/CD pipelines, and security tools (e.g., Sonatype Nexus-IQ, Burp Suite)

Additional Information

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 145,300.00 to 210,850.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.

Visa is not offering relocation assistance for this role.