Senior Application Security Engineer

JobsCloseBy Editorial Insights

Visa seeks a Senior Application Security Engineer to join the Application Security team in Reading, delivering expertise to development teams and ensuring Visa’s standards are met. You will review SAST, DAST, SCA and container scans, guide remediation, and support penetration tests while escalating critical risks and partnering with engineering, DevOps to drive design. The role includes coaching, governance, risk acceptance, and evidencing compliance. This hybrid role requires strong communication and the ability to mentor others while evolving with technology. To apply, tailor your resume to show measurable vulnerability reductions, program improvements, PCI DSS experience and certifications, and demonstrate cross-functional collaboration for onsite days.

Company Description

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters — to you, to your community, and to the world.

Progress starts with you.

Job Description

The Senior Application Security Engineer will play a key role within the Application Security team, providing hands-on technical expertise, guidance, and enablement to development teams across Featurespace. This position is responsible for enhancing application security by assessing vulnerabilities, promoting secure development methods, offering guidance on remediation, and making sure Visa’s security standards and requirements are met.

This position requires strong technical capability, excellent communication skills, and the ability to work collaboratively across engineering, product, and security stakeholders.

Core Responsibilities:

Application Security & Vulnerability Support:

• Review and triage findings from application security tooling, including SAST, DAST, SCA, and container scanning solutions.
• Provide technical guidance to development teams to support remediation of vulnerabilities and improve security posture.
• Conduct or support penetration testing and targeted security assessments where appropriate.
• Review and escalate critical application security risks to the appropriate technical and business stakeholders.

Secure Development & Engineering Partnership:

• Support engineering teams in understanding and meeting Visa security standards and requirements.
• Provide coaching, best practices, and security knowledge sharing to promote secure development across the organization.
• Deliver training sessions for technical and non‑technical groups on application security topics and processes.

Process & Governance:

• Contribute to continuous improvement of application security processes, tooling, and standards.
• Support exception management, including reviewing risk acceptance submissions and documenting decisions.
• Assist with compliance and evidencing requirements related to application security activities.

Collaboration & Communication:

• Partner closely with development, DevOps, infrastructure, and product stakeholders to drive secure design and remediation outcomes.
• Share expertise and mentor other members of the Application Security team.
• Participate in relevant cross-functional forums (e.g., BCWG) where application security topics arise.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Qualifications

Bachelor’s degree in Computer Science, Information Security, or related field—or equivalent hands-on experience.
Demonstrable experience in application security engineering, secure development, vulnerability management, or related security domain.
Familiarity with common AppSec tooling: SAST, DAST, SCA, container scanning, and cloud security tools.
Experience supporting compliance or regulatory requirements (e.g., PCI DSS).
Relevant certifications (e.g., OSCP, OSWE, GWAPT, CISSP) are desirable.

Skills & Attributes:
Strong technical proficiency across application security and vulnerability research.
Excellent understanding of secure coding principles, common vulnerability classes, and modern application architectures.
Strong analytical mindset and critical assessment skills to evaluate findings and advise on secure solutions.
Excellent interpersonal and communication skills, capable of influencing and guiding engineering teams.
Ability to evolve with the role as technologies, threats, and team needs change.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.