Associate Cybersecurity Engineer, Intern - Summer 2026

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose - to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Visa's Internship Program provides an immersive, 12-week journey where you'll work on impactful projects that drive Visa's mission forward. As a Visa intern, you'll build valuable connections across the organization, sharpen your communication and business acumen, and gain hands-on experience in a dynamic, global environment.

Throughout the program, you'll have exclusive access to interactive workshops and learning sessions designed to deepen your expertise, expand your industry knowledge, and elevate your professional skillset. You won't just be learning, you'll be contributing, collaborating, and innovating every step of the way. In addition to professional development, you'll enjoy a variety of intern social events that foster community, connection, and fun throughout the summer.

The experience culminates in an exciting final presentation, where you'll showcase your project achievements, share key insights, and present your recommendations to Visa's leaders and stakeholders. This is your chance to demonstrate your business impact, highlight your personal growth, and align your work with Visa's vision for the future.

Join Visa's world-class Cybersecurity department and gain unparalleled experience across a variety of critical security domains. This internship program is designed for passionate and driven individuals eager to contribute to Product Security Architecture, Identity and Access Management (IAM), or Mobile & Mac Security. As an intern, you will help proactively identify and mitigate security weaknesses, secure employee and customer access to critical applications, and perform ethical hacking to protect Visa's products and services.

This role offers the chance to work in a dynamic, fast-paced environment that operates like a startup within our global organization. We are looking for innovators who are excited to research and apply cutting-edge AI models to solve complex cybersecurity challenges.

Some job duties may include:

• Security Architecture & Penetration Testing:

  • Act as a security champion by contributing to the security architecture, design, and implementation for web, API, mobile, and Mac applications.
  • Perform ethical penetration testing on Visa's mobile and Mac assets to simulate real-world attacks and identify vulnerabilities.
  • Conduct and facilitate security reviews, threat modeling, and deep design reviews throughout the development lifecycle.
  • Identify weaknesses in Visa's security posture and recommend controls to protect assets and services.

• Identity & Access Management (IAM):

  • Support the development, operation, and maintenance of Visa's complex IAM ecosystem, including platforms like SailPoint.
  • Analyze IAM-related incidents, document root causes, and recommend effective remediation solutions.

• Innovation, AI & Automation:

  • Innovate and research AI models and their applications to solve real-world cybersecurity problems.
  • Develop AI-driven workflows and benchmark AI use-cases for security activities.
  • Develop, maintain, and innovate on internal cybersecurity tools, scripts, and processes to optimize testing and security-in-depth.
  • Assist with building alerting and monitoring solutions, potentially leveraging GenAI.

• Collaboration & Analysis:

  • Write and optimize SQL queries for data analysis and reporting.
  • Collaborate closely with Management, Development, and Quality Assurance teams to communicate issues and propose solutions.
  • Help build foundational application security capabilities across the organization.

Basic Qualifications

• Students pursuing a Bachelor's degree in Computer Science, Computer Engineering, CIS/MIS, Cybersecurity, Business or a related field, with a graduation date in December 2026-August 2027
• Strong communications skills, specifically, the absence of repeated grammatical or typographical errors, clear and concise written and spoken communications that demonstrate professional judgment.

Preferred Qualifications

• Proficiency in at least one programming language or technology including, but not limited, to Java, C/C++, C#, .NET, Python, Javascript, HTML, SQL
• Experience with Write utilities / automation tools using Selenium, Java, REST, Python, Groovy, and more
• Development skills with experience in secure coding and application security.
• Knowledge or understanding of security architecture principles and best practices.
• Familiarity with OWASP Top 10, SANS Top 25, and threat modeling frameworks.
• Knowledge of cryptographic concepts and secure communication protocols.
• Understand the basics of a mobile application and platform security concepts; deep understanding of those platforms, and advanced concepts related to SDKs and mobile wallets preferred.
• Knowledge of penetration testing is a plus but not necessary if you're willing to learn with us and are curious. Things like application risk assessment and risk categorization skills, including but not limited to, reverse-engineering, network interception and manipulation, offensive and defensive attacks, as well as database and cross-site scripting injection attacks are all topics that are useful.
• Experience or exposure with penetration testing tools such as Burp Suite, Nmap, Nessus, and Kali.
• Proficiency in one or more scripting languages (Python, Bash, etc.).
• Experience or knowledge in PL/SQL queries
• Understanding of networking fundamentals, OSI model, and TCP/IP stack.
• Awareness of cloud security principles (AWS, Azure, or GCP security best practices).
• Operating system familiarity - Windows, Linux, macOS account management.
• Ability to use GenAI to build agents for alerting and reporting
• Understanding of web applications common architectures, basic cryptography, and web protocols.
• Understanding of thefollowing tools/technologies should apply, and would be strongly preferred: Burp Suite, IDA pro, Metasploit, APKTool, Hopper, Gindra, CheckMarx (Sast/Dast), Cycript, XPosed, Charles, dex2jar, Kali Linux, Wireshark or any mobile security and/or penetration testing tools or frameworks.
• Incident handling basics - responding to access-related tickets.
• Basic troubleshooting - resolving login errors, permissions issues.
• Strong ability to collaborate
• Highly driven, resourceful and results oriented
• Good team player and excellent interpersonal skills
• Good analytical and problem-solving skills
• Demonstrated ability to lead and navigate through ambiguity

U.S. APPLICANTS ONLY:The estimated hourly range for a new hire into this position is $35-$40/hr which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.

Work Authorization:Visa will not sponsor applicants for work visas in connection with this position. Future sponsorship will not be considered.

Work Hours:Varies upon the needs of the department

Travel Requirements:This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code