Senior Cybersecurity Engineer (API Security & Platform)

We are looking for a Senior Cybersecurity Engineer to join our Identity Engineering team. This role operates at the intersection of security, platform engineering, and cloud-native architecture, helping design, build, and operate secure identity and authorization foundations that support critical financial workloads at scale. The engineer will work closely with application engineering, platform, SRE, and external partners to ensure identity services are secure, resilient, and easy to consume. This is a hands-on role for someone who enjoys building, automating, and continuously improving security capabilities in modern cloud environments. Key responsibilities include: Designing, implementing, and operating identity and authorization platforms used across internal and external services Defining and evolving authentication and authorization patterns based on OAuth 2.0, OpenID Connect, and token-based security Supporting and improving API security using API Gateway technologies, preferably Kong, including authentication flows, rate limiting, and policy enforcement Collaborating with engineering teams to securely integrate identity solutions into APIs and services Building and maintaining infrastructure using Infrastructure as Code (Terraform) Operating and securing Kubernetes-based workloads and identity-related services Contributing to cloud architecture decisions with a strong focus on security, resilience, and scalability Partnering with DevOps and SRE teams to improve observability, incident response, and operational excellence Participating in security reviews, threat modeling, and architecture design discussions Defining best practices, documentation, and reference architectures for identity and access management Continuously learning and staying current with modern identity, cloud security, and platform engineering practices This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice. #LI-Remote Basic Qualifications: 6 or more years of work experience with a Bachelor's Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD Strong experience securing API Gateway platforms , with deep familiarity in architectures based on Kong Gateway (Enterprise or OSS) , including ingress and egress traffic patterns in cloud‑native environments. Proven expertise in Identity and service‑to‑service security , including the design, enforcement, and validation of mTLS‑based communication , certificate lifecycle management, and trust boundaries across distributed systems. Hands‑on experience working with Public Key Infrastructure (PKI) concepts and implementations, including certificate issuance, rotation, revocation, and integration with gateways and workloads. Deep understanding of API security controls implemented at the gateway layer, such as OAuth2, OpenID Connect, JWT validation, client credentials, rate limiting, traffic filtering, and abuse prevention. Strong experience securing Kubernetes‑based platforms , including API Gateway deployments running inside clusters, with knowledge of namespaces, workload isolation, network policies, and integration with service mesh when applicable. Solid experience reviewing and influencing Infrastructure as Code (IaC) used to provision API Gateways, identity components, and supporting infrastructure, particularly using Terraform and GitOps‑style workflows. Proven ability to perform security assessments, threat modeling, and architectural reviews for gateway and identity platforms, identifying systemic risks, misconfigurations, and scalability concerns. Strong understanding of observability and security monitoring for gateways and identity services, including logs, metrics, and traces u ... (truncated, view full listing at source)