We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary Information Security Engineer IDS 1261
We are seeking a skilled and experienced Security Engineer. You will play a crucial role to ensure products integrate security requirements during design and throughout the product’s lifecycle. You will work closely with various security teams to provide product engineers with security capabilities and recommendations. You'll mentor and guide technology, product and software development teams, ensuring high-quality outcomes, and play a vital role in shaping our technology and security landscape.
What You'll Do: Collaborate with software developers, system engineers, and other stakeholders to integrate security controls into the development lifecycle
Provide input to designs and architectures that include business and regulatory requirements
Provide guidance on best practices for secure designs
Guide developers through proper application development during various design phases
Conduct risk assessments and perform threat modeling to identify potential security vulnerabilities and design weaknesses
Identify security controls that will address security gaps
Evaluate and recommend security technologies, tools, and services
Perform security reviews and audits of system designs and implementations
Stay updated on industry trends, emerging threats, and best practices in security designs
What you bring: Strong communication skills with the ability to collaborate with technical and non-technical stakeholders
Experience as a Security Design Engineer or in a similar role
Experience with secure software development methodologies (e.g. OWASP Top 10, CWE/SANS Tops 25, etc.)
Knowledge of encryption algorithms, authentication protocols, and secure communication protocols
Strong understanding of network security best practices, security principles and standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, etc.)
Understanding of network protocols, architecture, and topology for cloud and on-premises implementations
Familiarity with cloud security principles and best practices (AWS, GCP, Azure)
Ability to perform risk assessments and threat modeling to identify security risks and mitigations
Effective communication and interpersonal skills, with the ability to work collaboratively in a team environment
Additional nice to have: Technical experience with scripting/programming languages
CISSP, CCSP or industry-recognized / vendor-specific security certification(s)
Previous experience in an audited environment complying with common regulation standards
Experience with DevSecOps
Relevant previous experience: Security Engineering
Security Architecture
Security Consultant
Application Development
Incident Management
Security Research
Vulnerability Management
Threat Intelligence
Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach;
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
#J-18808-Ljbffr