Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Title and Summary

Lead Vulnerability Analyst

Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.

Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day.
By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.
Overview
The Vulnerability Management team is looking for a Lead Vulnerability Analyst to join our vulnerability assessment team. The ideal candidate is passionate about vulnerability management, governance, and compliance, highly motivated, intellectually curious, and analytical. The role requires a blend of cybersecurity knowledge and communication skills to assist the security liaison and engineer for the acquired entity. In this role you will:
• Identify, test, and report security weaknesses in networks, systems and applications
• Test and evaluate new technologies, report possible threats or software issues to management.
• Assess an organizations risk posture based on the resident vulnerabilities and prioritize courses of action to reduce risk.
• Oversee governance and compliance of vulnerability remediation enterprise wide.
• Support security measures and operate software to protect information and systems, and monitor computer networks for security issues.
• Develop an understanding for security policies, regulatory compliance, and technical aptitude on complex technologies and strategies.
• Analyze security systems and seek improvements on a continuous basis.
• Create and revise technical documentation, procedures, and analytics.
All About You
The ideal candidate for this position should have:
• Have experience working across timezones and diverse corporate organizations
• Have significant experience working in cyber security, specifically in the vulnerability management field
• Possesses a strong understanding of TCP/IP, Mitre ATT&CK, Kill Chain, Vulnerability Management and Networking Principles
• Demonstrate intermediate expertise working in vulnerability management systems, including network security testing, vulnerability scanners, governance risk and compliance (GRC) systems and threat vulnerability management (TVM) solutions including Kenna, Brinqa and Skybox Vulnerability Control.
• Experience with common Vulnerability Assessment tools (Tenable, Rapid7, Qualys, etc.)
• Experience performing penetration tests on systems and network
• Demonstrated ability to explain technical problems succinctly and clearly
• Continually monitoring the rapidly changing landscape of threats and vulnerabilities
• Seek ways to automate manual processes through intermediate scripting skills (e.g. Python, Perl, bash) and REST or SOAP web service APIs
• Never happy with the status quo and always looking for a way to make things betterExposure to security, including network and internet systems security.
• Excellent written and oral communication skills.
• Ability to identify and understand security terminology, concepts, and practices.
• Ability to prioritize projects and tasks
• Critical thinking skills and the ability to solve problems as they arise.
NICE Framework References
National Initiative for Cybersecurity Education (NICE) competency proficiency levels of proficient to advanced in leadership, operational, and professional, and technical.
This Mastercard role shares KSAs with related NICE work roles:
• PR-CDA-001, OPM511, Cyber Defense Analyst
• PR-VAM-001, OPM541, Vulnerability Assessment Analyst
Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.