4 - 8 Yrs
java,.net,python,powershell,devsecops,cloud,ci/cd pipeline and ssdlc process automation
Senior DevSecOps Vulnerability Analyst
• MasterCard is seeking a Senior DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST) and software composition analysis (SCA). Candidate must have experience in performing application security code review and vulnerability management. Experience with black box, grey box, and white box penetration testing is desired.
• Whether through traditional retail, mobile, or e-commerce, MasterCard innovation is leading the digital convergence of traditional and emerging payments technologies across a wide variety of new devices and services for billions of users world-wide.
• Are you passionate about application security? Do you like to tinker with things in order to figure out how to build them better, stronger, and more resilient? Are you a people person who values partnership, teamwork, and building solutions with cross-functional disciplines and teams? Are you curious? Do you follow trends, research, and best practices as part of your insatiable desire to learn and teach others? Do you want to have a true impact on the security of how the world transacts? This may be the role for you.
• Conducting application security assessments, secure source code review, secure software composition analysis of applications (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools.
• Assist in the development, evaluation, and implementation of application security testing, orchestration, and vulnerability management processes and tools
• Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies
• Able to assist in setting the strategic direction for application security and vulnerability management programs across the firm
• Responsible for all project documentation, including maintaining technical documents and business requirements
• Takes lead on medium size projects
• Creates business and technical requirements on projects that define getting to implementation
• Strong communication skills and technical skills with the ability to communicate between business and technical teams
• Responsible for understanding security policies and industry best practices & compliance
• Hands-on experience in secure source code review, software composition analysis and vulnerability management for web, mobile and network systems
• Prior experience in programming and scripting such as Java, .NET, Python, PowerShell is preferred
• Knowledge of secure software development life cycle (SSDLC), DevSecOps, Cloud, CI/CD pipeline and SSDLC process automation is desired
• Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
• Current knowledge of application security best practices, common exploits and threat landscape
• Experience with application threat modeling or other risk identification techniques
• Strong relationship building skills and collaborative style to enable success across multiple partners desired
• The candidate should be familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.