Company Description

Founded by experienced entrepreneurs and engineers in 2016, Pismo is a technology company that provides a comprehensive processing platform for banking, card issuing and financial market infrastructure and helps customers innovate and build the next generation of banking and payment solutions. Pismo joined Visa in 2024.

Leveraging Visa’s solutions, our core platform, and an expanding suite of capabilities, Pismo addresses the technological challenges that large banks, marketplaces, and fintech companies face in migrating from legacy systems to more advanced technology in the market. Pismo’s cloud-based platform empowers firms to build and launch financial products rapidly, scaling as they grow to have a broader audience while keeping high security and availability standards.

Pismo’s 500+ employees are located in more than 10 countries around the world.

Job Description

Working in the Red Team (offensive security), the role supports the identification and management of security risks and vulnerabilities across multiple domains. It involves close collaboration with development teams and cybersecurity squads, contributing to secure application and product development lifecycles. The position also ensures the overall health of the corporate environment by adhering to regulatory and compliance requirements, including ISO 27001 and PCI DSS, and by developing and maintaining security documentation and procedures.

A solid understanding of the OWASP Top 10 and NIST SP 800‑115 standards is required. Familiarity with the PCI DSS framework and basic knowledge of AWS services are considered strong assets.

What You'll Do

• Assess API and web application vulnerability
• Collaborate with Blue Team (Purple Team exercises)
• Engage in internal Red Team activities
• Test cloud and infrastructure with penetration testing
• Configure and automate offensive security development
• Execute vulnerability scanning activities
• Support for Governance, Risk, and Compliance (GRC) initiatives
• Collaborate with peer cybersecurity teams

This is a remote position. A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice.

Qualifications

Basic Qualifications

• Be based in Brazil
• B2 English proficiency
• Experience working in offensive security / Red Team, penetration testing, or vulnerability assessment roles.
• Strong understanding of application security risks across APIs, microservices, and distributed systems.
• Knowledge of OWASP Top 10 and NIST SP 800‑115 security testing standards.
• Experience collaborating with development teams and cybersecurity squads to identify, communicate, and remediate security findings.
• Ability to support secure application and product development lifecycles.
• Strong documentation skills, including the ability to create and maintain security reports, procedures, and technical documentation.
• Basic knowledge of AWS services and cloud environments.

Preferred Qualifications

• Basic knowledge of PCI DSS requirements and working in regulated environments.
• Familiarity with ISO 27001 security controls and audit requirements.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.