We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Information Security Engineer IDS 1261
We are seeking a skilled and experienced Security Engineer. You will play a crucial role to ensure products integrate security requirements during design and throughout the product’s lifecycle. You will work closely with various security teams to provide product engineers with security capabilities and recommendations. You'll mentor and guide technology, product and software development teams, ensuring high-quality outcomes, and play a vital role in shaping our technology and security landscape.
What You'll Do:
- Collaborate with software developers, system engineers, and other stakeholders to integrate security controls into the development lifecycle
- Provide input to designs and architectures that include business and regulatory requirements
- Provide guidance on best practices for secure designs
- Guide developers through proper application development during various design phases
- Conduct risk assessments and perform threat modeling to identify potential security vulnerabilities and design weaknesses
- Identify security controls that will address security gaps
- Evaluate and recommend security technologies, tools, and services
- Perform security reviews and audits of system designs and implementations
- Stay updated on industry trends, emerging threats, and best practices in security designs
What you bring:
- Strong communication skills with the ability to collaborate with technical and non-technical stakeholders
- Experience as a Security Design Engineer or in a similar role
- Experience with secure software development methodologies (e.g. OWASP Top 10, CWE/SANS Tops 25, etc.)
- Knowledge of encryption algorithms, authentication protocols, and secure communication protocols
- Strong understanding of network security best practices, security principles and standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, etc.)
- Understanding of network protocols, architecture, and topology for cloud and on-premises implementations
- Familiarity with cloud security principles and best practices (AWS, GCP, Azure)
- Ability to perform risk assessments and threat modeling to identify security risks and mitigations
- Effective communication and interpersonal skills, with the ability to work collaboratively in a team environment
Additional nice to have:
- Technical experience with scripting/programming languages
- CISSP, CCSP or industry-recognized / vendor-specific security certification(s)
- Previous experience in an audited environment complying with common regulation standards
- Experience with DevSecOps
Relevant previous experience:
- Security Engineering
- Security Architecture
- Security Consultant
- Application Development
- Incident Management
- Security Research
- Vulnerability Management
- Threat Intelligence
Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard’s security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach;
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.