Job Description
At Visa, your work has global impact. You’ll be part of a collaborative team shaping the future of secure digital commerce. We offer:
A culture of innovation and inclusion
Access to cutting-edge technology
Opportunities for career growth
A chance to help billions move money securely
Position Summary
We are seeking a Cybersecurity Software Engineer to join our Center of Excellence within the Cybersecurity & Risk team. This role will lead strategic initiatives in application security, vulnerability remediation, and compliance exception handling. You’ll collaborate across engineering, infrastructure, and product teams to drive secure development practices and ensure alignment with Visa’s global security standards.
Key Responsibilities
Security Compliance & Shift-Left Execution
Ensure timely closure of security findings within Required Remediation Dates (RRD)
Manage exception workflows aligned with internal governance and external standards (e.g., PCI DSS V4)
Identify compliance gaps and drive shift-left strategies to reduce recurring issues
Partner with Cybersecurity SMEs and development teams to validate remediation plans and escalate overdue items
Support automation and tooling enhancements for compliance tracking and reporting
IAM Control Enforcement
Coordinate enforcement of IAM controls (e.g., unapproved access, rogue violations, password rotation, SSH key hygiene)
Track unresolved findings and collaborate with platform teams to resolve blockers
Ensure consistent application of IAM standards across CMS and other Technology Leadership Teams (TLTs)
Security Exception Management
Oversee the lifecycle of exception requests across platforms and services
Validate remediation plans and monitor expiration timelines
Vulnerability Remediation
Lead resolution of high-priority findings (e.g., insecure configurations, deprecated protocols, exposed secrets)
Coordinate with tooling teams to purge sensitive data and close findings
Security Testing Automation
Drive automation of Dynamic Application Security Testing (DAST) using tools like Burp Suite Enterprise
Integrate security scanning into CI/CD pipelines for scalable deployments
Developer Enablement
Organize workshops and forums on container security, IAM, secure architecture, and security best practices
Promote adoption of developer-friendly security tools for code hygiene and reachability analysis
Cross-Functional Leadership
Act as a central point of contact for technical debt resolution and exception tracking
Ensure continuity through backup coverage and support during team transitions
Exception & UAR Management
Monitor exception volumes and identify opportunities to shift-left.
Manage User Access Revalidation (UAR) completion within TLT.
TLT Forum Engagement
Dashboard & Tooling Oversight
Validate data in Cyber Security dashboards and ensure CMS metrics are accurately reflected.
Advocate for necessary improvements to reduce false positives and improve remediation accuracy.
This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.
Visa is not offering relocation assistance for this role.
Qualifications
Basic Qualifications:
• 5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.
• 5+ years in application software security, and vulnerability management, or technical program management
• Strong understanding of SSDLC, containerization, and cloud-native security practices
• Proven ability to lead cross-functional teams and manage complex remediation timelines
• Proficiency in Java/J2EE, Spring, JavaScript, Angular, NodeJS, MySQL, REST APIs
• Excellent communication and stakeholder engagement skills
• Self-starter with a drive to raise the technical bar and deliver results
• Provides direction for selecting appropriate engineering techniques to solve non-functional requirements at the project level.
• Ability to multitask and handle multiple competing priorities. Should possess excellent planning and organizational skills.
Preferred Qualifications:
• Experience organizing technical workshops or training sessions
• Familiarity with compliance frameworks and audit readiness
• Background in exception handling workflows and enterprise security platforms
• Hands-on experience with GitHub, CI/CD pipelines, and security tools (e.g., Sonatype Nexus-IQ, Burp Suite)
Additional Information
Work Hours: Varies upon the needs of the department.
Travel Requirements: This position requires travel5-10% of the time.
Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.
U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 145,300.00 to 210,850.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.
Visa is not offering relocation assistance for this role.