MasterCard Senior DevSecOps Vulnerability Analyst in Kansas City, Missouri
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Senior DevSecOps Vulnerability Analyst
• MasterCard is seeking a Senior DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST) and software composition analysis (SCA). Candidate must have experience in performing application security code review and vulnerability management. Experience with black box, grey box, and white box penetration testing is desired.
• Whether through traditional retail, mobile, or e-commerce, MasterCard innovation is leading the digital convergence of traditional and emerging payments technologies across a wide variety of new devices and services for billions of users world-wide.
• Are you passionate about application security? Do you like to tinker with things in order to figure out how to build them better, stronger, and more resilient? Are you a people person who values partnership, teamwork, and building solutions with cross-functional disciplines and teams? Are you curious? Do you follow trends, research, and best practices as part of your insatiable desire to learn and teach others? Do you want to have a true impact on the security of how the world transacts? This may be the role for you.
• Conducting application security assessments, secure source code review, secure software composition analysis of applications (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools.
• Assist in the development, evaluation, and implementation of application security testing, secure container/Kubernetes infrastructure, orchestration, and vulnerability management processes and tools
• Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies
• Responsible for all project documentation, including maintaining technical documents and business requirements
• Takes the lead on medium-sized projects
• Creates the business and technical requirements on projects that define how to get to implementation
• Strong communication skills and technical skills with the ability to communicate between business and technical teams
• Responsible for understanding security policies and industry best practices & compliance
• Hands-on experience in secure source code review, software composition analysis and vulnerability management for web, mobile and network systems
• Hands-on experience in artifact build and management, software composition analysis and vulnerability management for container, cloud and web applications
• Prior experience in programming and scripting languages such as Java, Groovy, Python and PowerShell is preferred
• Knowledge of secure software development life cycle (SSDLC), DevSecOps, cloud, CI/CD pipelines and SSDLC process automation is desired
• Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
• Current knowledge of application security best practices, common exploits and threat landscape
• Experience with application threat modeling or other risk identification techniques
• Strong relationship building skills and collaborative style to enable success across multiple partners desired
• The candidate should be familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.
Due to COVID-19, most of our employees are working from home. We’ve implemented a virtual hiring process and continue to interview candidates by phone or video and are onboarding new hires remotely. We value the safety of each member of our community because we know we’re all in this together.
Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
If you require accommodations or assistance to complete the online application process, please contact firstname.lastname@example.org and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that the successful candidate for this position must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach; and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Requisition ID: R-143330