Sr. AppSec Engineer

Visa, Austin TX, US

Everywhere you want to be

Duration: Full-Time

The Sr. AppSec Engineer will work as a member of Visa Cybersecurity’s AppSecOps team. The objective of Visa’s AppSecOps team is to help developers build secure applications through devsecops tools, training, and operational support. With this mission in mind, AppSecOps team is proactively engaged with developers, product, and cybersecurity teams to help write secure code, find, and fix vulnerabilities earlier in the dev cycle through upskilling their security knowledge, using automated security testing tools like SAST/DAST/SCA and IAST.

The Sr. AppSec Engineer will be responsible for owning and maintaining automated security testing tools (SAST/DAST/SCA), support developers for IDE, CI/CD pipeline automation, reviewing vulnerability reports and testing remediation. The candidate will also participate in developing tools and automation scripts to support the tools in the AppSecOps team’s portfolio. The position also requires working in partnership with product development, secure software development lifecycle, ethical hacking, and production security teams to identify practices that help developers ship secure code faster to production and reduce application security debt. The Sr AppSec Engineer will own metrics and reporting for the program to support consistency and continuity of the ShiftLeft initiative that has enabled injecting security in the devops continuum at Visa. This position will also prepare reports to enhance security adherence make recommendations for the adoption of new policies and procedures for Visa services. The candidate should be a passionate developer advocate with a panache for client orientation and operational excellence, while operating in Agile environment.


  • System administrator for AppSecOps automated application security testing tools portfolio that includes SAST, DAST, IAST, SCA and API Security tools
  • Subject matter expertise in policies for security tools
  • Co-ordinate and execute system/network level pen tests and ethical hacking exercises.
  • Pro-actively research and Identify network and system vulnerabilities and provide recommended counter measures or mitigating controls to reduce risk to an acceptable and manageable level.
  • Reviews results of network and application ethical hacks in order to determine severity of findings and to ensure proper remediation is applied.
  • Provide accurate and timely reporting of findings and proposed remediation and mitigations.
  • Support Security Champions Training program through instruction and hands-on training
  • Provide technical support to senior management in identifying and streamlining new/existing protocols and tools used by the penetration testing team.
  • Mentor junior team members and Security Champions
  • Develop and automate scripts, tools and resources needed to advance automated security testing tools

Basic qualification:

  • 5 or more years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters (or equivalent) in Computer Science, Information Security, Information Technology, Electrical/Electronics Engineering, or a related field, MBA, JD, MD) or 0 years of work experience with a PhD
  • 3-5 Years work experience in Cybersecurity or Web Application Development
  • Experience in system administration, web application security and threat modeling
  • Understanding of OWASP Top 10 and SANS Top 25 web application and network vulnerabilities
  • Deep knowledge of automated security testing tools like SAST, DAST, SCA, IAST and fuzz testing tools
  • Proficiency in one or more scripting language. E.g. Perl, Python, Shell Scripting etc.
  • Proficiency in one or more high level programming languages like Java, JavaScript, HTML, C, C++, Ruby etc.
  • Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment
  • Knowledge of web application design, penetration testing, application risk assessment and risk categorization
  • Expertise and experience in web/mobile application and network penetration testing
  • Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++, a major advantage and added bonus.
  • Understanding of OSI and TCP stack with emphasis on computer architecture and networking protocols
  • Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP etc.
  • Familiarity with pen testing tools & frameworks like Burpsuite, Metasploit, Kali, Canvas, etc.
  • Strong problem solving and analytical skills
  • Excellent verbal and written communication skills
  • Strong operational skills; quality and results oriented
  • Strong client service orientation

Preferred qualification:

  • 6 or more years of work experience with a Bachelor’s Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD

Visa has adopted a COVID-19 vaccination policy to safeguard the health and well-being of our employees and visitors. As a condition of employment, all employees based in the U.S. are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law

Work Hours: Varies upon the needs of the department

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.


Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.

About Visa

Visa Inc. (NYSE: V) is the world’s leader in digital payments. Our mission is to connect the world through the most innovative, reliable and secure payment network - enabling individuals, businesses and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s relentless focus on innovation is a catalyst for the rapid growth of connected commerce on any device, and a driving force behind the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

Want to learn more about Visa? Visit Visa's website.