Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Senior Vulnerability Analyst
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview
The Vulnerability Management team is looking for a Senior Vulnerability Analyst to drive our customer experience strategy forward by consistently innovating and problem-solving. The ideal candidate is passionate about cyber security, highly motivated, intellectually curious, analytical, and possesses an innovative spirit.
Role
• This role is specifically targeted to the Vulnerability Management Audit and Compliance team (VMAC) within Vulnerability Management, which ensures that all audits, standards, and compliance to those standards are addressed and maintained appropriately
• Maintain a high-level understanding of all Vulnerability Management practices within Mastercard (Network scanning, penetration testing, static code analysis, CI/CD pipeline testing, etc.)
• Audit/regulatory review evidence gathering and presentation
• PCI DSS and ISO 27001- specifically for vulnerability management
• Policy Exception Management
• Compliance tracking and reporting
• Proactively seek out industry best practices to ensure that VM policies and procedures are aligned. What does the future look like and how do we ensure coverage?
All About You
The ideal candidate for this position should:
• Have experience working across timezones and diverse corporate organizations
• Have previous experience working in cyber security, specifically in the vulnerability management field
• Possesses a good understanding of PCI DSS, ISO 27001, and/or other regulatory and compliance mandates specifically geared towards Vulnerability Management
• Demonstrate intermediate expertise working in vulnerability management systems such as network security testing, vulnerability scanners, penetration testing, static code analysis and governance risk and compliance (GRC) systems
• Demonstrated ability to explain technical problems succinctly and clearly and should feel comfortable with presenting in front of large groups
• Continually monitoring the rapidly changing landscape of threats and vulnerabilities
• Seek ways to automate manual processes through intermediate scripting skills (e.g. Python, Perl, bash) and REST or SOAP web service APIs
• A positive attitude and a willingness to learn and share ideas
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.