Senior Cybersecurity Engineer

Company Description

Founded by experienced entrepreneurs and engineers in 2016, Pismo is a technology company that provides a comprehensive processing platform for banking, card issuing and financial market infrastructure and helps customers innovate and build the next generation of banking and payment solutions. Pismo joined Visa in 2024.

Leveraging Visa’s solutions, our core platform, and an expanding suite of capabilities, Pismo addresses the technological challenges that large banks, marketplaces, and fintech companies face in migrating from legacy systems to more advanced technology in the market. Pismo’s cloud-based platform empowers firms to build and launch financial products rapidly, scaling as they grow to have a broader audience while keeping high security and availability standards.

Pismo’s 500+ employees are located in more than 10 countries around the world.

Job Description

We are looking for a Senior Cybersecurity Engineer to join our Identity Engineering team. This role operates at the intersection of security, platform engineering, and cloud-native architecture, helping design, build, and operate secure identity and authorization foundations that support critical financial workloads at scale.

The engineer will work closely with application engineering, platform, SRE, and external partners to ensure identity services are secure, resilient, and easy to consume. This is a hands-on role for someone who enjoys building, automating, and continuously improving security capabilities in modern cloud environments.

Key responsibilities include:

• Designing, implementing, and operating identity and authorization platforms used across internal and external services
• Defining and evolving authentication and authorization patterns based on OAuth 2.0, OpenID Connect, and token-based security
• Supporting and improving API security using API Gateway technologies, preferably Kong, including authentication flows, rate limiting, and policy enforcement
• Collaborating with engineering teams to securely integrate identity solutions into APIs and services
• Building and maintaining infrastructure using Infrastructure as Code (Terraform)
• Operating and securing Kubernetes-based workloads and identity-related services
• Contributing to cloud architecture decisions with a strong focus on security, resilience, and scalability
• Partnering with DevOps and SRE teams to improve observability, incident response, and operational excellence
• Participating in security reviews, threat modeling, and architecture design discussions
• Defining best practices, documentation, and reference architectures for identity and access management
• Continuously learning and staying current with modern identity, cloud security, and platform engineering practices

This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice. #LI-Remote

Qualifications

Basic Qualifications:

• 6 or more years of work experience with a Bachelor's Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
• Strong experience securing API Gateway platforms, with deep familiarity in architectures based on Kong Gateway (Enterprise or OSS), including ingress and egress traffic patterns in cloud‑native environments.
• Proven expertise in Identity and service‑to‑service security, including the design, enforcement, and validation of mTLS‑based communication, certificate lifecycle management, and trust boundaries across distributed systems.
• Hands‑on experience working with Public Key Infrastructure (PKI) concepts and implementations, including certificate issuance, rotation, revocation, and integration with gateways and workloads.
• Deep understanding of API security controls implemented at the gateway layer, such as OAuth2, OpenID Connect, JWT validation, client credentials, rate limiting, traffic filtering, and abuse prevention.
• Strong experience securing Kubernetes‑based platforms, including API Gateway deployments running inside clusters, with knowledge of namespaces, workload isolation, network policies, and integration with service mesh when applicable.
• Solid experience reviewing and influencing Infrastructure as Code (IaC) used to provision API Gateways, identity components, and supporting infrastructure, particularly using Terraform and GitOps‑style workflows.
• Proven ability to perform security assessments, threat modeling, and architectural reviews for gateway and identity platforms, identifying systemic risks, misconfigurations, and scalability concerns.
• Strong understanding of observability and security monitoring for gateways and identity services, including logs, metrics, and traces used to detect anomalies, investigate incidents, and support audits.
• Excellent analytical and problem‑solving skills, with strong attention to detail when operating in high‑traffic, multi‑environment, and multi‑region platforms.
• Ability to clearly communicate security risks, architectural decisions, and remediation strategies to engineering teams, platform owners, and non‑technical stakeholders.
• Demonstrated ability to lead and influence cross‑functional teams, including platform engineering, SRE, and application teams, ensuring consistent security baselines across the API and identity ecosystem.

Preferred Qualifications:

• Programming experience is desirable but not required; the role prioritizes security architecture, platform design, control enforcement, and risk management over feature‑level development.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Client-provided location(s): Flexible / Remote, São Paulo, Brazil

Job ID: 686facd9-42c3-46b0-a244-9271a2689e95

Employment Type: OTHER

Posted: 2026-03-20T16:41:07