Mastercard Jobs

Job Information

MasterCard Principal, Security Architect in London, United Kingdom

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Job Title

Principal, Security Architect

Who is Mastercard?

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.

Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Overview

The security team is looking for a Security Architect to drive our customer experience strategy forward by consistently innovating and problem-solving. We are looking for talented Security Architects with a good understanding of web server technology, mobile application security, PKI and cryptography to join our team. At Mastercard we take a unique approach, balancing human-centered design with an agile technology capability to tackle complex problems in original ways. With a great variety of potential projects in the portfolio, there are many different areas to investigate. We are a proactive group of engineers looking for candidates who are willing to do more than just respond to issues. We thrive on working collaboratively with the wider business, and always look for opportunities to automate as much of our operations as possible. We identify risk and provide mitigation. Operationally we analyse alerts, find anomalies, fix issues and ask why things happen.

Role

In this security position, you will:

• Work with Product Management and Development teams to ensure that Mastercard products are architected to be secure by design and protect privacy

• Design, architect and build secure components that can be reused throughout the organisation

• Maintain and enhance security reference architecture

• Document and deliver recommendations for secure deployment of products

• Engineer the DevSecOps pipelines to support Continuous Integraton

• Ensure that security architecture guidelines are followed by development teams

• Liaise with Senior Security Architect on strategy, requirements and architecture best practice

• Ensure we are compliant with industry standards

• Liaise with pre-sales/services/customers on security architecture issues

• Assist development team in evaluation of security-related technologies

• Work with other Security-related teams in the wider Mastercard organisation to have a coordinated security approach

All About You

Essential experience

• Software development background

• Expertise in a mainstream language such as Java/golang/c/c++/python

• Web application security, especially OWASP

• Understand the Secure Software Development Lifecycle

• Practical knowledge of OAuth 2.0, OpenID Connect, SCIM and XACML.

• Understand RBAC and ABAC

• Understand non-functional security requirements.

• Mobile application security

• Security design patterns

• Experience of identity and access management solutions

• JIRA/Confluence

Desirable Experience

• Security testing/vulnerability assessment/code scanning/manual source code inspection

• Static security code scanning tools such as Checkmarx, Nexus IQ

• Relevant security certification (CISSP, CISM, CSSLP, CISA)

• Experience of threat modelling and security risk assessment.

• Cloud computing platforms (AWS, Azure, Google Cloud Platform)

• Java application servers, such as Tomcat, JBoss, WebSphere, or Weblogic

• Microservice APIs: REST, GraphQL, GRC

COVID-19 Considerations

We value the safety of each member of our community because we know we’re all in this together. In many locations, which may change over time, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.

In the US, Mastercard is a government contractor, which may legally require most Mastercard employees to be vaccinated unless a verified approved medical or religious exemption is granted. Further, we are currently making every effort towards having employees return to work in the office 2 days per week, if that makes sense for their team. Everyone must be vaccinated to enter Mastercard offices at this time. Therefore, we expect all candidates to be vaccinated or to be approved for a medical or religious accommodation prior to commencing work at Mastercard.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

  • Abide by Mastercard’s security policies and practices;

  • Ensure the confidentiality and integrity of the information being accessed;

  • Report any suspected information security violation or breach, and

  • Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Requisition ID: R-163101

DirectEmployers