DescriptionOur PurposeWe work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate aculture of inclusionfor all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team one that makes better decisions, drives innovation and delivers better business results.Job TitleLead DevSecOps Vulnerability AnalystOverviewSeeking Lead DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST) and software composition analysis (SCA). Candidate must have experience in performing application security code review and vulnerability management. Experience with black box, grey box, and white box penetration testing is desired.Role Lead secure source code review, secure software composition analysis of applications (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools. Lead the development, evaluation and implementation of static application security testing, libraries, secure container, Infrastructure as code, orchestration, vulnerability management process and tools Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies Able to assist in setting the strategic direction for application security and vulnerability management programs across the firm Responsible for all project documentation, including maintaining technical documents and business requirements Takes lead on medium size projects. Ability to Create business and technical requirements on projects and implementation plan Strong communication skills and technical skills with the ability to communicate between business and technical teams Responsible for understanding security policies and industry best practices and complianceAll About You Hands-on experience in secure source code review, software composition analysis and vulnerability management for web, mobile and network systems Hands-on experience in artifact build and management, software composition analysis and vulnerability management for container, cloud and web applications Prior experience in Programming and Scripting such as Java, .Net, Groovy, Python and PowerShell is preferred Knowledge of secure software development life cycle (SSDLC), DevSecOps, Cloud, CI/CD pipeline and SSDLC process Automation is desired Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies Current knowledge of application security best practices, common exploits and threat landscape Experience with application threat modeling or other risk identification techniques Strong relationship building skills and collaborative style to enable success across multiple partners desired The candidate should be familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.COVID-19 ConsiderationsWe value the safety of each member of our community because we know were all in this together.In many locations, which may change over time, weve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.In the US, Mastercard is a government contractor, which may legally require most Mastercard employees t
