Lead Vulnerability Analyst
Who is Mastercard?
We are the global technology company behind the world's fastest payments processing network. We are a vehicle for commerce, a connection to financial systems for the previously excluded, a technology innovation lab, and the home of Priceless ®. We ensure every employee has the opportunity to be a part of something bigger and to change lives. We believe as our company grows, so should you. We believe in connecting everyone to endless, priceless possibilities. Job Title
Lead Vulnerability Analyst
•MasterCard is seeking a Security consultant with strong experience in web and mobile application security assessments. Candidate must have strong experience in performing penetration testing and vulnerability management services for applications, network systems, operating systems and database. Candidates should have experience with black box, grey box, and white box testing.
•Whether through traditional retail, mobile, or e-commerce, MasterCard innovation is leading the digital convergence of traditional and emerging payments technologies across a wide variety of new devices and services for billions of users world-wide.
•Are you passionate about security? Do you like to tinker with things in order to figure out how to build them better, stronger, and more resilient? Are you a people person who values partnership, teamwork, and building solutions with cross-functional disciplines and teams? Are you curious? Do you follow trends, research, and best practices as part of your insatiable desire to learn and teach others? Do you want to have a true impact on the security of how the world transacts? This may be the role for you.
•Conducting application security assessments and penetration tests (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as Checkmarx.
•Assist in the development, evaluation, and implementation of application penetration testing processes and tools
•Research and keep up to date of application security emerging threats, techniques, tools, and trends
•Able to assist in setting the strategic direction for Application Security program across the firm
•Creates organizational knowledge about key technologies, tools and methodologies
•Hands-on experience of penetration testing or web, mobile, web services and network
•Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
•Current knowledge of security best practices, common exploits and threat landscape
•Experience with application threat modeling or other risk identification techniques
•Good understanding of Software Development especially related to secure coding best practices. Prior experience in Programming/Scripting such as Java, VB, Python, Powershell is a plus
•Knowledge of secure software development life cycle (SSDLC), DevSecOps, Cloud, CI/CD pipeline preferred
•Strong relationship building skills and collaborative style to enable success across multiple partners desired
•The candidate should be familiar with laws, regulations, and industry standards such as PCI DSS GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.
Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
If you require accommodations or assistance to complete the online application process, please contact firstname.lastname@example.org and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.