
Lead DevSecOps Vulnerability Analyst

Missouri, United States, US • Posted Jun 23, 2023
Company
MasterCard
Description
Our Purpose


We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.


Title And Summary


Lead DevSecOps Vulnerability Analyst


Who is Mastercard?


Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.


Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.


Overview


The Vulnerability Management team is seeking a Lead DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST) and software composition analysis (SCA). The ideal candidate will have experience in performing application security code review and vulnerability management. Experience with black box, grey box, and white box penetration testing is desired. In this role, you will:


  • Lead the integration of static application security testing and shift-left vulnerability management initiatives across acquired entities
  • Lead the development, evaluation and implementation of static application security testing, libraries, secure container, infrastructure as code, orchestration, and vulnerability management processes and tools
  • Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies
  • Assist in setting the strategic direction for application security and vulnerability management programs across the firm
  • Cultivate and maintain working relationships with a variety of internal stakeholders, including business owners, end-users, customers, project managers, engineers, and senior leadership


All About You


The ideal candidate for this position should have:


  • Hands-on experience in secure source code review, software composition analysis and vulnerability management for web, mobile and network systems
  • Hands-on experience in artifact build and management, software composition analysis and vulnerability management for container, cloud and web applications
  • Prior experience in programming and scripting languages such as Java, .NET, Groovy, Python and PowerShell is preferred
  • Knowledge of secure software development life cycle (SSDLC), DevSecOps, cloud, CI/CD pipeline and SSDLC process automation is desired
  • Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
  • Experience with application threat modeling or other risk identification techniques
  • Familiarity with laws, regulations, and industry standards such as PCI DSS, GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.


National Initiative for Cybersecurity Education (NICE) competency proficiency levels range from advanced in leadership, operational, and professional competencies to advanced and expert in technical competencies. This Mastercard role shares KSAs with the following related NICE work roles:


  • SP-SRP-001, OPM641, Systems Requirements Planner
  • OM-SPP-002, OPM752, Cyber Policy and Strategy Planner
  • PR-CDA-001, OPM511, Cyber Defense Analyst
  • PR-VAM-001, OPM541, Vulnerability Assessment Analyst
  • SP-SYS-001, OPM631, Information Systems Security Developer


In the US, Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. If you require accommodations or assistance to complete the online application process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.


Corporate Security Responsibility


Responsibilities


All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:


  • Abide by Mastercard’s security policies and practices;
  • Ensure the confidentiality and integrity of the information being accessed;
  • Report any suspected information security violation or breach; and
  • Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.


Pay Ranges


New York City, New York: $136,000 - $223,000 USD


Arlington, Virginia: $130,000 - $214,000 USD


Atlanta, Georgia: $113,000 - $186,000 USD


Miami, Florida: $113,000 - $186,000 USD


O'Fallon, Missouri: $113,000 - $186,000 USD


Purchase, New York: $130,000 - $214,000 USD
Identifier
064a41ff078bb0b4d9bbe7676deef13a