Senior Application Security Engineer
Role details
Job location
Tech stack
Job description
The Senior Application Security Engineer will play a key role within the Application Security team, providing hands-on technical expertise, guidance, and enablement to development teams across Featurespace. This position is responsible for enhancing application security by assessing vulnerabilities, promoting secure development methods, offering guidance on remediation, and making sure Visa's security standards and requirements are met., * Review and triage findings from application security tooling, including SAST, DAST, SCA, and container scanning solutions.
- Provide technical guidance to development teams to support remediation of vulnerabilities and improve security posture.
- Conduct or support penetration testing and targeted security assessments where appropriate.
- Review and escalate critical application security risks to the appropriate technical and business stakeholders.
Secure Development & Engineering Partnership:
- Support engineering teams in understanding and meeting Visa security standards and requirements.
- Provide coaching, best practices, and security knowledge sharing to promote secure development across the organization.
- Deliver training sessions for technical and non-technical groups on application security topics and processes.
Process & Governance:
- Contribute to continuous improvement of application security processes, tooling, and standards.
- Support exception management, including reviewing risk acceptance submissions and documenting decisions.
- Assist with compliance and evidencing requirements related to application security activities.
Collaboration & Communication:
- Partner closely with development, DevOps, infrastructure, and product stakeholders to drive secure design and remediation outcomes.
- Share expertise and mentor other members of the Application Security team.
- Participate in relevant cross-functional forums (e.g., BCWG) where application security topics arise.
This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.
Requirements
This position requires strong technical capability, excellent communication skills, and the ability to work collaboratively across engineering, product, and security stakeholders., Bachelor's degree in Computer Science, Information Security, or related field-or equivalent hands-on experience. Demonstrable experience in application security engineering, secure development, vulnerability management, or related security domain. Familiarity with common AppSec tooling: SAST, DAST, SCA, container scanning, and cloud security tools. Experience supporting compliance or regulatory requirements (e.g., PCI DSS). Relevant certifications (e.g., OSCP, OSWE, GWAPT, CISSP) are desirable.
Skills & Attributes: Strong technical proficiency across application security and vulnerability research. Excellent understanding of secure coding principles, common vulnerability classes, and modern application architectures. Strong analytical mindset and critical assessment skills to evaluate findings and advise on secure solutions. Excellent interpersonal and communication skills, capable of influencing and guiding engineering teams. Ability to evolve with the role as technologies, threats, and team needs change.
