About Us Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.
At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world.
Join Visa and do work that matters – to you, to your community, and to the world. Progress starts with you.
Job Description
We are looking for a Senior Cybersecurity Engineer to join our Identity Engineering team. This role operates at the intersection of security, platform engineering, and cloud-native architecture, helping design, build, and operate secure identity and authorization foundations that support critical financial workloads at scale.
The engineer will work closely with application engineering, platform, SRE, and external partners to ensure identity services are secure, resilient, and easy to consume. This is a hands-on role for someone who enjoys building, automating, and continuously improving security capabilities in modern cloud environments.
Key responsibilities include:
- Designing, implementing, and operating identity and authorization platforms used across internal and external services
- Defining and evolving authentication and authorization patterns based on OAuth 2.0, OpenID Connect, and token-based security
- Supporting and improving API security using API Gateway technologies, preferably Kong, including authentication flows, rate limiting, and policy enforcement
- Collaborating with engineering teams to securely integrate identity solutions into APIs and services
- Building and maintaining infrastructure using Infrastructure as Code (Terraform)
- Operating and securing Kubernetes-based workloads and identity-related services
- Contributing to cloud architecture decisions with a strong focus on security, resilience, and scalability
- Partnering with DevOps and SRE teams to improve observability, incident response, and operational excellence
- Participating in security reviews, threat modeling, and architecture design discussions
- Defining best practices, documentation, and reference architectures for identity and access management
- Continuously learning and staying current with modern identity, cloud security, and platform engineering practices
This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice. #LI-Remote
Qualifications
Basic Qualifications:
- 5 or more years of relevant work experience with a Bachelor's Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD
Preferred Qualifications:
- 6 or more years of work experience with a Bachelor's Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
- 6 or more years of work experience with a Bachelor's Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
- Strong experience securing API Gateway platforms, with deep familiarity in architectures based on Kong Gateway (Enterprise or OSS), including ingress and egress traffic patterns in cloud‑native environments.
- Proven expertise in Identity and service‑to‑service security, including the design, enforcement, and validation of mTLS‑based communication, certificate lifecycle management, and trust boundaries across distributed systems.
- Hands‑on experience working with Public Key Infrastructure (PKI) concepts and implementations, including certificate issuance, rotation, revocation, and integration with gateways and workloads.
- Deep understanding of API security controls implemented at the gateway layer, such as OAuth2, OpenID Connect, JWT validation, client credentials, rate limiting, traffic filtering, and abuse prevention.
- Strong experience securing Kubernetes‑based platforms, including API Gateway deployments running inside clusters, with knowledge of namespaces, workload isolation, network policies, and integration with service mesh when applicable.
- Solid experience reviewing and influencing Infrastructure as Code (IaC) used to provision API Gateways, identity components, and supporting infrastructure, particularly using Terraform and GitOps‑style workflows.
- Proven ability to perform security assessments, threat modeling, and architectural reviews for gateway and identity platforms, identifying systemic risks, misconfigurations, and scalability concerns.
- Strong understanding of observability and security monitoring for gateways and identity services, including logs, metrics, and traces used to detect anomalies, investigate incidents, and support audits.
- Excellent analytical and problem‑solving skills, with strong attention to detail when operating in high‑traffic, multi‑environment, and multi‑region platforms.
- Ability to clearly communicate security risks, architectural decisions, and remediation strategies to engineering teams, platform owners, and non‑technical stakeholders.
- Demonstrated ability to lead and influence cross‑functional teams, including platform engineering, SRE, and application teams, ensuring consistent security baselines across the API and identity ecosystem.
- Programming experience is desirable but not required; the role prioritizes security architecture, platform design, control enforcement, and risk management over feature‑level development.
Visa is an EEO Employer
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.