The Job logo

What

Where

Sign in

Senior Vulnerability Analyst

ApplyJoin for More Updates

You must Sign In before continuing to the company website to apply.

Our Purpose

 

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

 

Title and Summary

Senior Vulnerability Analyst

Overview
· Web Security Testing team is responsible for identifying security gaps and vulnerabilities through different tools and techniques used by hackers on MasterCard applications.
· This position is for penetration testing (ethical hacking) doing network and web application vulnerability assessments.
· This position requires vast experience in web application and web service penetration testing where you are able to mentor junior members of the team
· What is your experience in web application security?
· What is your experience in Information Security?
· What skills do you bring to the table that would make you a fit for this position?

Role
· Responsible for completing assigned application scans against web applications or web services
· Responsible to update status and escalate to management as necessary.

All About You
· Intermediate web application security & penetration testing experience on web applications and web services through manual testing
· Beginner Information Security experience
· Beginner compliance background (PCI, GLBA, SOX, etc…)
· Beginner Windows and Unix skills
· Intermediate communication skills
· Intermediate written documentation skills
· Beginner leadership qualities

 

Corporate Security Responsibility


All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

Abide by Mastercard’s security policies and practices;

Ensure the confidentiality and integrity of the information being accessed;

Report any suspected information security violation or breach, and

Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Set alert for similar jobsSenior Vulnerability Analyst role in Pune, India
Mastercard Logo

Company

Mastercard

Job Posted

a year ago

Job Type

Full-time

WorkMode

On-site

Experience Level

3-7 years

Category

Cyber Security

Locations

Pune, Maharashtra, India

Qualification

Bachelor

Applicants

Be an early applicant

Related Jobs

Mastercard Logo

Vulnerability Analyst II

Mastercard

Pune, Maharashtra, India

Posted: a year ago

We are looking for a Vulnerability Analyst II to join our Web Security Testing team. You will be responsible for identifying security gaps and vulnerabilities in MasterCard applications through ethical hacking and penetration testing. We value your experience in web application and information security, as well as your skills in communication, documentation, and leadership. Come join us in our inclusive and innovative culture and contribute to making transactions safe and accessible for everyone.

Mastercard Logo

Senior Technology Risk Analyst - Privacy

Mastercard

Pune, Maharashtra, India

Posted: a year ago

Our Purpose   We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.   Title and Summary Senior Technology Risk Analyst - Privacy Overview The Mastercard Technology Risk Team is looking for a Senior Technology Risk Analyst to support and lead an assurance and controls program supporting various privacy and security requirements to meet customer and regulatory obligations for Mastercard. Focus will be on providing compliance support, the implementation of design (up-to-date standard operating procedures) and operational (testing the validity of procedures periodically) effectiveness, monitoring, and reporting of the ongoing operating effectiveness of the internal control environment and working closely with application/product owners to document the flow of data at the application level. This role is a pivotal part of the Mastercard technology risk function and supports Mastercard's commitment to balancing innovation while protecting the internal control posture. The team assesses internal controls to proactively identify risks, define remediation actions and track remediation efforts. We are looking for someone to join our team and help us meet these compliance goals. The ideal candidate will have the ability to think and act both strategically and tactically while ensuring that the corporation remains compliant with required security, technology, and financial standards, as well as industry best practices. Responsibilities • Supports assurance program, engages with internal partners to help build control frameworks to ensure needs and expectations over services are met for various certifications (e.g., SOC2) • Engages with Mastercard Privacy team to ensure privacy principles are adequately addressed • Engages with product and application owners to document data flows using Data Flow Diagrams •Engages with the auditors to test the control framework to ensure objectives are met and risk is managed effectively •Executes control assessments of various operational and business areas to assess potential risks or control gaps • Takes actions to address risk issues according to established policies; monitors the implementation of action plans to reduce risk • Tracks remediation internally and externally through to resolution to help improve design and operational effectiveness of controls • Assists with the implementation of cross-functional initiatives to deliver on risk goals, policies and procedures • Supports special projects as requested; provides ad-hoc support to management • Reports formally on the results of assurance/certification objectives, controls, and risk assessments • Helps develop and maintain reports, metrics and presentations of progress and results for meetings with customers and regulators Experiences • Demonstrated ability to operate with independence and autonomy • Experience with control frameworks (e.g., SOC2, ISAE3402/3000, ISO27001 and GDPR) • Bachelor’s degree or equivalent combination of education and experience/Bachelor’s degree in computer science, information technology or related field preferred • Strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization • Professional certification like CISSP/CISA/CRISC/CIPP or similar, a plus • Contribute to work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds • Familiarity with the financial services industry and payment processing industry, a plus • Experience collaborating cross-functionally to identify and implement best practice risk processes • Exposure to security, including network and internet systems security • Demonstrates basic knowledge of Risk analysis; begins to develop relationships with risk managers, business and technology partners   Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Mastercard Logo

Senior Vulnerability Analyst

Mastercard

Pune, Maharashtra, India

Posted: a year ago

Our Purpose   We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.   Title and Summary Senior Vulnerability Analyst Who is Mastercard? Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Overview The Vulnerability Management team is looking for a Senior Vulnerability Analyst to drive our customer experience strategy forward by consistently innovating and problem-solving. The ideal candidate is passionate about cyber security, highly motivated, intellectually curious, analytical, and possesses an innovative spirit. Role • This role is specifically targeted to the Vulnerability Management Audit and Compliance team (VMAC) within Vulnerability Management, which ensures that all audits, standards, and compliance to those standards are addressed and maintained appropriately • Maintain a high-level understanding of all Vulnerability Management practices within Mastercard (Network scanning, penetration testing, static code analysis, CI/CD pipeline testing, etc.) • Audit/regulatory review evidence gathering and presentation • PCI DSS and ISO 27001- specifically for vulnerability management • Policy Exception Management • Compliance tracking and reporting • Proactively seek out industry best practices to ensure that VM policies and procedures are aligned. What does the future look like and how do we ensure coverage? All About You The ideal candidate for this position should: • Have experience working across timezones and diverse corporate organizations • Have previous experience working in cyber security, specifically in the vulnerability management field • Possesses a good understanding of PCI DSS, ISO 27001, and/or other regulatory and compliance mandates specifically geared towards Vulnerability Management • Demonstrate intermediate expertise working in vulnerability management systems such as network security testing, vulnerability scanners, penetration testing, static code analysis and governance risk and compliance (GRC) systems • Demonstrated ability to explain technical problems succinctly and clearly and should feel comfortable with presenting in front of large groups • Continually monitoring the rapidly changing landscape of threats and vulnerabilities • Seek ways to automate manual processes through intermediate scripting skills (e.g. Python, Perl, bash) and REST or SOAP web service APIs • A positive attitude and a willingness to learn and share ideas Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Mastercard Logo

Vulnerability Analyst I

Mastercard

Pune, Maharashtra, India

Posted: a year ago

Our Purpose We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results. Title and Summary Vulnerability Analyst I Overview · Web Security Testing team is responsible for identifying security gaps and vulnerabilities through different tools and techniques used by hackers on MasterCard applications. · This position is for penetration testing (ethical hacking) doing network and web application vulnerability assessments. · This position requires vast experience in web application and web service penetration testing where you are able to mentor junior members of the team · What is your experience in web application security? · What is your experience in Information Security? · What skills do you bring to the table that would make you a fit for this position? Role · Responsible for completing assigned application scans against web applications or web services · Responsible to update status and escalate to management as necessary. All About You · Beginner web application security & penetration testing experience on web applications and web services through manual testing · Beginner Information Security experience · Beginner compliance background (PCI, GLBA, SOX, etc…) · Beginner Windows and Unix skills · Beginner communication skills · Beginner written documentation skills · Beginner leadership qualities Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Mastercard Logo

Lead Information Security Engineer

Mastercard

Pune, Maharashtra, India

+1 more

Posted: a year ago

The Information Security Engineering team is looking for a Lead Information Security Engineer for Xborder Services program. You will be responsible for monitoring system security and compliance and developing, delivering, maintaining, and monitoring IT security policies, standards, and best practices. You will also oversee compliance and the implementation of disaster recovery procedures. Apply now!

Mastercard Logo

Lead Information Security Engineer

Mastercard

Vadodara, Gujarat, India

+1 more

Posted: a year ago

Our Purpose We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results. Title and Summary Lead Information Security Engineer Who is Mastercard? Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships, and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Overview The Information Security Engineering team is looking for a Lead Information Security Engineer for Xborder Services program to drive application security for them. The candidate is expected to monitor system security and compliance and develop, deliver, maintain, and monitor IT security policies, standards, and best practices. The candidate also oversees compliance and the implementation of disaster recovery procedures. Role In this position, you will: • Leads complex initiatives and projects. • Influences and implements security requirements, standards, and architecture for the security aspects of small- to medium-sized projects, and participates in internal investigations. • Defines platform architecture and drives strategy execution. • Responsible for understanding security policies and industry best practices & compliance. • Responsible for reviewing and providing feedback for improvements to front-line metrics to ensure controls are being met as defined. • Responsible for reviewing all project documentation, including maintaining technical documents and business requirements. • Responsible for completing Voice of Customer surveys and communication if part of a security domain-based engineering team (i.e. identity access management) for any new technologies or governance processes. • Applies technical capabilities within own discipline to coach and develop junior employees. • Provides input into the performance appraisal process for some junior employees or team members. • Raises opportunities for improvement to senior consulting and provides technical guidance for junior resources. All About You The ideal candidate for this position should: - Experience working in cross-functional and large projects with globally dispersed development resources. - Self-manages priorities and time to ensure successful deliverables. - Experience handling difficult conversations with project stakeholders and identifying risks and tradeoffs. - Experience working with one of the public cloud providers and securing applications in it. - Led complex cross-functional projects locally or for several countries. - Demonstrated ability to multi-task and prioritize in order to meet project constraints (budget, deadlines, etc.). - Able to lead project teams, and collaborate with business partners, vendor/ consulting organizations, and peer-level professionals from other IT disciplines. - Information Security Engineering experience including risk identification with options and compensating controls to remediate. - Successful track record in identifying ways to modify the security program (i.e. identity access management) to keep up with the ever-changing technology & security landscape. - Experience initiating and managing improvement in security domain areas (i.e. identity access and authentication) by leveraging process metrics and customer feedback. - Good understanding of the Software Development process especially related to secure coding best practices. Prior experience programming in Java is a plus.   Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.