MasterCard Senior Information Security Engineer – SIEM in Rickmansworth, United Kingdom
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Senior Information Security Engineer – SIEM
The Security Monitoring Engineering (SME) team is looking for a Senior Information Security Engineer – SIEM to manage SIEM content to monitor and detect cyber security threats & incidents. The ideal candidate is highly motivated, intellectually curious, analytical, and possesses an entrepreneurial mindset. The role requires a blend of cybersecurity experience and highly developed communication skills to be a security liaison and engineer for Mastercard/Vocalink.
Ultimately, the goal of this role is to enhance security monitoring tooling, detections and incident response capabilities using SIEM solutions to provide a single view of the environment.
Role
In this highly visible position, you will:
o Work closely with the Security Operations Center (SOC), Security Engineering and Application and Cloud teams to improve existing security monitoring and deliver resilient security solutions.
o Engage with other teams to ensure that the SIEM is performing to standard with all necessary logging sources
o Analyse, design, develop, and deliver solutions to detect and stop adversaries.
o Design, test and review Security Monitoring Use Cases
o Define how logs should be parsed
o Define thresholds and baselines to aggregate similar events then write correlation rules
o Test and tune advanced correlation alerts
o Ensure SIEM technologies are integrated & utilised to protect cyber related assets
o Onboard, maintain and tune log sources, data contents and use cases
o Support the operation of the comprehensive SIEM platform
o Manage SIEM in terms of strategy and content
o Analyse SOC alerts statistics and workflows to reduce false positives and properly focus engineering efforts.
o Manage and improve SIEM infrastructure to improve detection flexibility and reliability.
o Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
o Research new security technologies and their applications to SIEM, SOAR, and cloud environments
o Assist the SOC with searches by acting as an expert in SIEM
o Work with project teams to scope and deliver security related solutions
o Support relationships with 3rd party vendors to enhance monitoring
o Define requirements for other security technologies such as Endpoint/Network Detection & Response, Intrusion Detection/Prevention, Web Proxies etc.
All about you:
Essential requirements of candidates:
o Strong working knowledge of security technologies (Intrusion Detection and Prevention Systems, Web Proxy, Antivirus, Security Information and Event Management SIEMs, Endpoint Detection agents, etc.)
o 4+ years in Cyber Security or Security Detection Engineering, SIEM experience
o Strong understanding of TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles
o Experience with operating system internals for both Linux and Windows platforms.
o Ability to work effectively in ambiguous and/or high-pressure situations
o Be skilled at explaining technical problems succinctly and clearly
o Be a strong, confident, and exacting writer and speaker, able to communicate your vision and roadmap effectively to a wide variety of stakeholders
o Proactively strive for better visibility and security
o It is expected that the successful candidate will obtain National Security vetting
We value the safety of each member of our community because we know we’re all in this together. In many locations, which may change over time, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.
In the US, Mastercard is a government contractor, which may legally require most Mastercard employees to be vaccinated unless a verified approved medical or religious exemption is granted. Further, we are currently making every effort towards having employees return to work in the office 2 days per week, if that makes sense for their team. Everyone must be vaccinated to enter Mastercard offices at this time. Therefore, we expect all candidates to be vaccinated or to be approved for a medical or religious accommodation prior to commencing work at Mastercard.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach; and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Requisition ID: R-153282