Cybersecurity Engineer

Visa Technology & Operations LLC, a Visa Inc. company, needs a Cybersecurity Engineer (multiple openings) in Austin, Texas to: Define, embed, and enforce consistent Secure Software Development Lifecycle (SSDLC) practices and secure-by-design principles for all Visa technology projects. Ensure the end-to-end security of Visa products by conducting hands-on security assessments, integrating threat modeling into the SDLC, and helping development teams remediate risks. Build, maintain, and improve security tools (e.g., SAST, DAST, SCA), integrating them within the CI/CD pipeline to create automated, developer-friendly security workflows. Own the end-to-end lifecycle for internally developed security tools and products, and automations, including their development, security, deployment, maintenance, and operational support. Perform Security Architecture and Low-Level Application Design reviews, with a strong emphasis on Data Protection, Authentication, Authorization, Web Application and API Security. Contribute to the development of security standards for emerging technologies, including evaluating AI-generated code, defining guardrails for LLM tools, etc. Develop and optimize processes to improve the software development efficiency and accelerate the adoption of secure development practices. Improve secure coding practices, application security requirements, automation, training, and metrics. Collaborate proactively and cross-functionally with product, engineering, and solution teams to manage software security risk in alignment with business goals and Visa's cybersecurity program objectives. Clearly communicate risks and recommendations to both technical and non-technical audiences. Develop, track, and report on key metrics to measure the effectiveness of the application security program and drive continuous improvement. Continuously research the threat landscape, emerging vulnerabilities, and industry best practices for secure software development and incident response to proactively improve Visa's application security posture. This position reports to the Austin, Texas office and may allow for partial telecommuting. Basic Qualifications: Master’s degree in Cybersecurity, Computer Science, or related field and 2 years of experience in the job offered or in a Cybersecurity Engineer-related, or similar occupation. Position requires experience in the following: Deep knowledge of OWASP Top 10, OWASP API Top 10, and CWE Top 25, and their associated attack vectors. Experience in architecting and implementing Secure SDLC (SSDLC) by embedding automated tools and secure practices into Agile development processes. Hands-on experience in performing security architecture and in-depth secure code reviews, and fixing vulnerabilities in the code. Proficiency in at least two programming languages - Java, C#/.NET, Microsoft PowerShell, or Python. Experience in building scalable automations and tools to streamline workflows and improve developer experience. Expertise in operating and managing SAST (e.g., Veracode, Checkmarx), SCA (e.g., Veracode SCA, Sonatype) and DAST (e.g., Acunetix, Burp Suite) tools to analyze the security posture of the code and applications. Hands-on experience in managing the full deployment lifecycle, from configuring CI/CD pipelines (tools like TeamCity or Jenkins) to managing production operations on Microsoft Windows Server (IIS) or Linux (Apache, Nginx) servers. Experience in managing the end-to-end vulnerability lifecycle, from technical triage and prioritization to timely remediation of the vulnerabilities. Experience in training developers on secure coding, including demonstrating the real-world impact of vulnerabilities. Experience in translating technical security data into clear metrics and insights to improve decision making and demonstrate program effectiveness. Worksite: Austin, Texas This is a hybrid position. Hybrid employees can alternate time between both remote and office. Em ... (truncated, view full listing at source)