Cybersecurity Engineer

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Visa Technology & Operations LLC, a Visa Inc. company, needs a Cybersecurity Engineer (multiple openings) in Austin, Texas to:

1. Define, embed, and enforce consistent Secure Software Development Lifecycle (SSDLC) practices and secure-by-design principles for all Visa technology projects.
2. Ensure the end-to-end security of Visa products by conducting hands-on security assessments, integrating threat modeling into the SDLC, and helping development teams remediate risks.
3. Build, maintain, and improve security tools (e.g., SAST, DAST, SCA), integrating them within the CI/CD pipeline to create automated, developer-friendly security workflows.
4. Own the end-to-end lifecycle for internally developed security tools and products, and automations, including their development, security, deployment, maintenance, and operational support.
5. Perform Security Architecture and Low-Level Application Design reviews, with a strong emphasis on Data Protection, Authentication, Authorization, Web Application and API Security.
6. Contribute to the development of security standards for emerging technologies, including evaluating AI-generated code, defining guardrails for LLM tools, etc.
7. Develop and optimize processes to improve the software development efficiency and accelerate the adoption of secure development practices.
8. Improve secure coding practices, application security requirements, automation, training, and metrics.
9. Collaborate proactively and cross-functionally with product, engineering, and solution teams to manage software security risk in alignment with business goals and Visa's cybersecurity program objectives.
10. Clearly communicate risks and recommendations to both technical and non-technical audiences.
11. Develop, track, and report on key metrics to measure the effectiveness of the application security program and drive continuous improvement.
12. Continuously research the threat landscape, emerging vulnerabilities, and industry best practices for secure software development and incident response to proactively improve Visa's application security posture.
13. This position reports to the Austin, Texas office and may allow for partial telecommuting.

Basic Qualifications:

• Master’s degree in Cybersecurity, Computer Science, or related field and 2 years of experience in the job offered or in a Cybersecurity Engineer-related, or similar occupation.
• Position requires experience in the following:
  1. Deep knowledge of OWASP Top 10, OWASP API Top 10, and CWE Top 25, and their associated attack vectors.
  2. Experience in architecting and implementing Secure SDLC (SSDLC) by embedding automated tools and secure practices into Agile development processes.
  3. Hands-on experience in performing security architecture and in-depth secure code reviews, and fixing vulnerabilities in the code.
  4. Proficiency in at least two programming languages - Java, C#/.NET, Microsoft PowerShell, or Python.
  5. Experience in building scalable automations and tools to streamline workflows and improve developer experience.
  6. Expertise in operating and managing SAST (e.g., Veracode, Checkmarx), SCA (e.g., Veracode SCA, Sonatype) and DAST (e.g., Acunetix, Burp Suite) tools to analyze the security posture of the code and applications.
  7. Hands-on experience in managing the full deployment lifecycle, from configuring CI/CD pipelines (tools like TeamCity or Jenkins) to managing production operations on Microsoft Windows Server (IIS) or Linux (Apache, Nginx) servers.
  8. Experience in managing the end-to-end vulnerability lifecycle, from technical triage and prioritization to timely remediation of the vulnerabilities.
  9. Experience in training developers on secure coding, including demonstrating the real-world impact of vulnerabilities.
  10. Experience in translating technical security data into clear metrics and insights to improve decision making and demonstrate program effectiveness.

Worksite: Austin, Texas

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Travel Requirements: This position does not require travel.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

U.S. APPLICANTS ONLY: The estimated salary range for this position is $123,700.00 to $191,300.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.