Security Architect

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

As a Security Architect, you will play a critical role in safeguarding our cloud infrastructure and applications. You will conduct comprehensive security reviews and implement advanced security measures to protect against potential threats.

Essential Functions:

• Conduct in-depth security assessments and threat models of AWS, EKS, and web applications/APIs to identify vulnerabilities and propose effective solutions.
• Design and implement robust security architectures tailored for cloud environments, focusing on AWS and Kubernetes (EKS).
• Collaborate with DevOps and software development teams to integrate security best practices within CI/CD pipelines and across the development lifecycle.
• Develop and refine security policies and procedures to ensure comprehensive protection and compliance.
• Research and stay abreast of the latest security threats, tools, and methodologies, providing strategic recommendations.
• Provide technical guidance and training to internal teams to elevate security awareness and practices.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Basic Qualifications:

• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience

Preferred Qualifications

• 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Security Architecture: Experience participating in Security Architecture reviews and/or Threat Modeling using industry standards.
• Pentesting: Hands-on experience with penetration testing is a strong advantage.
• Security Controls: Experience designing or supporting security controls for web applications and backend services such as API Gateways, Identity and Access Management, Data Protection, or Security Information and Event Management.
• Development Lifecycle: Understanding of Secure Development Lifecycle methodologies and Agile-based practices.
• Technical Knowledge: Working knowledge of middleware platforms and common development platforms (such as Java, C#, .NET).
• Security Standards: Familiarity with OWASP Top 10 and CWE Top 25 vulnerabilities.
• Cloud Security: Direct experience with, or strong understanding of, cloud-based services (SaaS, PaaS, IaaS) and their security considerations.
• Security Tools: Practical experience with security technologies such as intrusion detection/prevention systems, firewalls, antivirus, policy enforcement, configuration management, security monitoring, audit, or secure application development.
• Certifications: Industry certifications (e.g., CISSP, GIAC, OSCP) are preferred, or a strong willingness to pursue them.
• Team Collaboration: Experience working with or supporting cross-functional teams (e.g., security, engineering, pentest, operations) is highly valued.
• Communication: Strong written and verbal communication skills, with the ability to effectively document findings and communicate with both technical and non-technical stakeholders.
• M&A Activities: Experience supporting Mergers & Acquisitions (M&A) activities is considered a plus.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.