Senior Vulnerability Analyst in Cambridge

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid. At Visa, you will have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters — to you, to your community, and to the world. Progress starts with you.

The Senior Vulnerability Analyst will play a pivotal role in the internal Application Security team, leading the coordination and management of vulnerability processes across our infrastructure and products. This position is responsible for driving continuous improvement in vulnerability management, supporting compliance activities, and fostering collaboration across technical and business stakeholders.

• Coordinate Vulnerability Management: Work with asset owners and stakeholders to ensure prompt remediation, offering guidance as needed.
• Review and Escalation: Organize and lead regular vulnerability review calls, ensuring that appropriate stakeholders and asset owners are aware of open findings.
• Infrastructure Drop-In Sessions: Facilitate infrastructure vulnerability drop-in sessions to address technical issues and promote best practices.
• Reporting: Prepare and present quarterly vulnerability reports, raising findings to appropriate stakeholders and leadership.
• Compliance Support: Support PCI evidencing and Approved Scanning Vendor (ASV) activities, ensuring compliance with regulatory requirements.
• Exception Management: Guide exception management processes, review submissions, and track unresolved vulnerabilities, facilitating approvals and risk acceptance.
• Training and Enablement: Deliver training sessions to technical and non-technical teams on vulnerability management processes and security best practices.
• Collaboration: Prepare for and participate in Business Continuity Working Group (BCWG) meetings, fostering cross-functional collaboration.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• Demonstrable experience in vulnerability management, application security, or a related cybersecurity discipline.
• Experience supporting compliance activities (e.g., PCI DSS, ASV).
• Familiarity with security frameworks, risk management, and exception handling.
• Experience delivering training and collaborating with cross-functional teams.
• Relevant certifications (e.g., CISSP, CISM, CEH, OSCP) are desirable.

• Technical Expertise: Strong knowledge of vulnerability management tools and methods, application security experience is a plus.
• Analytical Skills: Strong analytical and advisory capabilities, with meticulous attention to detail in exception and risk management.
• Communication: Excellent interpersonal and communication skills, able to convey complex technical concepts to diverse audiences.
• Adaptability: Ability to adapt as the role evolves and as new threats and technologies emerge.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Job Family Group: Technology and Operations