Working in the Red Team (offensive security), the role supports the identification and management of security risks and vulnerabilities across multiple domains. It involves close collaboration with development teams and cybersecurity squads, contributing to secure application and product development lifecycles. The position also ensures the overall health of the corporate environment by adhering to regulatory and compliance requirements, including ISO 27001 and PCI DSS, and by developing and maintaining security documentation and procedures.
A solid understanding of the OWASP Top 10 and NIST SP 800‑115 standards is required. Familiarity with the PCI DSS framework and basic knowledge of AWS services are considered strong assets.

What You'll Do

• Assess API and web application vulnerability
• Collaborate with Blue Team (Purple Team exercises)
• Engage in internal Red Team activities
• Test cloud and infrastructure with penetration testing
• Configure and automate offensive security development
• Execute vulnerability scanning activities
• Support for Governance, Risk, and Compliance (GRC) initiatives
• Collaborate with peer cybersecurity teams

This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice. #LI-Remote

Basic Qualifications

• Experience working in offensive security / Red Team, penetration testing, or vulnerability assessment roles.
• Strong understanding of application security risks across APIs, microservices, and distributed systems.
• Knowledge of OWASP Top 10 and NIST SP 800‑115 security testing standards.
• Experience collaborating with development teams and cybersecurity squads to identify, communicate, and remediate security findings.
• Ability to support secure application and product development lifecycles.
• Strong documentation skills, including the ability to create and maintain security reports, procedures, and technical documentation.
• Basic knowledge of AWS services and cloud environments. 

Preferred Qualifications

• Basic knowledge of PCI DSS requirements and working in regulated environments.
• Familiarity with ISO 27001 security controls and audit requirements.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.