Senior Application Security Engineer

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale - tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters - to you, to your community, and to the world.

Progress starts with you.

The Senior Application Security Engineer will play a key role within the Application Security team, providing hands‑on technical expertise, guidance, and enablement to development teams across Featurespace. This position is responsible for enhancing application security by assessing vulnerabilities, promoting secure development methods, offering guidance on remediation, and making sure Visa's security standards and requirements are met.

This position requires strong technical capability, excellent communication skills, and the ability to work collaboratively across engineering, product, and security stakeholders.

• Review and triage findings from application security tooling, including SAST, DAST, SCA, and container scanning solutions.
• Provide technical guidance to development teams to support remediation of vulnerabilities and improve security posture.
• Conduct or support penetration testing and targeted security assessments where appropriate.
• Review and escalate critical application security risks to the appropriate technical and business stakeholders.

• Support engineering teams in understanding and meeting Visa security standards and requirements.
• Provide coaching, best practice, and security knowledge sharing to promote secure development across the organization.
• Deliver training sessions for technical and non‑technical groups on application security topics and processes.

• Contribute to continuous improvement of application security processes, tooling, and standards.
• Support exception management, including reviewing risk acceptance submissions and documenting decisions.
• Assist with compliance and evidencing requirements related to application security activities.

• Partner closely with development, DevOps, infrastructure, and product stakeholders to drive secure design and remediation outcomes.
• Share expertise and mentor other members of the Application Security team.
• Participate in relevant cross‑functional forums (e.g., BCWG) where application security topics arise.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Bachelor's degree in Computer Science, Information Security, or related field-or equivalent hands‑on experience.

Demonstrable experience in application security engineering, secure development, vulnerability management, or related security domain.

Familiarity with common AppSec tooling: SAST, DAST, SCA, container scanning, and cloud security tools.

Experience supporting compliance or regulatory requirements (e.g., PCI DSS).

Relevant certifications (e.g., OSCP, OSWE, GWAPT, CISSP) are desirable.

Strong technical proficiency across application security and vulnerability research.

Excellent understanding of secure coding principles, common vulnerability classes, and modern application architectures.

Strong analytical mindset and critical assessment skills to evaluate findings and advise on secure solutions.

Excellent interpersonal and communication skills, capable of influencing and guiding engineering teams.

Ability to evolve with the role as technologies, threats, and team needs change.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.