Senior Vulnerability Analyst

JobsCloseBy Editorial Insights

Visa is seeking a Senior Vulnerability Analyst in Cambridge to lead vulnerability management across infrastructure and products, coordinating with asset owners, running regular review calls, and driving PCI DSS and ASV compliance while delivering quarterly risk reports. The role blends hands-on tooling with governance, demanding strong analytics, clear communication, and adaptability. To apply, tailor your resume to show hands-on vulnerability management and remediation, PCI/ASV experience, and relevant certifications (CISSP, CISM, CEH, OSCP), with concrete examples of reducing remediation times. Highlight your ability to explain complex findings to technical and non-technical audiences, and mention the hybrid work arrangement with days in Cambridge to be confirmed by the manager.

Company Description

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters — to you, to your community, and to the world.

Progress starts with you.

Job Description

The Senior Vulnerability Analyst will play a pivotal role in internal Application Security team, leading the coordination and management of vulnerability processes across our infrastructure and products. This position is responsible for driving continuous improvement in vulnerability management, supporting compliance activities, and fostering collaboration across technical and business stakeholders.

Core Responsibilities:

• Coordinate Vulnerability Management: Work with asset owners and stakeholders to ensure prompt remediation, offering guidance as needed.
• Review and Escalation: Organize and lead regular vulnerability review calls, ensuring that appropriate stakeholders and asset owners are aware of open findings.
• Infrastructure Drop-In Sessions: Facilitate infrastructure vulnerability drop-in sessions to address technical issues and promote best practices.
• Reporting: Prepare and present quarterly vulnerability reports, raising findings to appropriate stakeholders and leadership.
• Compliance Support: Support PCI evidencing and Approved Scanning Vendor (ASV) activities, ensuring compliance with regulatory requirements.
• Exception Management: Guide exception management processes, review submissions, and track unresolved vulnerabilities, facilitating approvals and risk acceptance.
• Training and Enablement: Deliver training sessions to technical and non-technical teams on vulnerability management processes and security best practices.
• Collaboration: Prepare for and participate in Business Continuity Working Group (BCWG) meetings, fostering cross-functional collaboration.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Qualifications

Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
Demonstrable experience in vulnerability management, application security, or a related cybersecurity discipline.
Experience supporting compliance activities (e.g., PCI DSS, ASV).
Familiarity with security frameworks, risk management, and exception handling.
Experience delivering training and collaborating with cross-functional teams.
Relevant certifications (e.g., CISSP, CISM, CEH, OSCP) are desirable

Skills & Attributes:
Technical Expertise: Strong knowledge of vulnerability management tools and methods, application security experience is a plus.
Analytical Skills: Strong analytical and advisory capabilities, with meticulous attention to detail in exception and risk management.
Communication: Excellent interpersonal and communication skills, able to convey complex technical concepts to diverse audiences.
Adaptability: Ability to adapt as the role evolves and as new threats and technologies emerge.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.