MasterCard Lead DevSecOps Vulnerability Analyst in O'Fallon, Missouri
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Lead DevSecOps Vulnerability Analyst
Seeking a Lead DevSecOps Vulnerability Analyst with strong experience in static application security testing (SAST) and software composition analysis (SCA). The candidate must have experience in performing application security code review and vulnerability management. Experience with black box, grey box, and white box penetration testing is desired.
• Lead secure source code review, secure software composition analysis of applications (web, mobile, web service, etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools.
• Lead the development, evaluation and implementation of static application security testing, libraries, secure container, infrastructure as code, orchestration, and vulnerability management processes and tools
• Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies
• Able to assist in setting the strategic direction for application security and vulnerability management programs across the firm
• Responsible for all project documentation, including maintaining technical documents and business requirements
• Takes the lead on medium-size projects. Ability to create business and technical requirements and an implementation plan for projects
• Strong communication skills and technical skills with the ability to communicate between business and technical teams
• Responsible for understanding security policies and industry best practices & compliance
• Hands-on experience in secure source code review, software composition analysis and vulnerability management for web, mobile and network systems
• Hands-on experience in artifact build and management, software composition analysis and vulnerability management for container, cloud and web applications
• Prior experience in programming and scripting languages such as Java, .NET, Groovy, Python and PowerShell is preferred
• Knowledge of secure software development life cycle (SSDLC), DevSecOps, cloud, CI/CD pipelines and SSDLC process automation is desired
• Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
• Current knowledge of application security best practices, common exploits and threat landscape
• Experience with application threat modeling or other risk identification techniques
• Strong relationship building skills and collaborative style to enable success across multiple partners desired
• The candidate should be familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000.
Due to COVID-19, most of our employees are working from home. We’ve implemented a virtual hiring process and continue to interview candidates by phone or video and are onboarding new hires remotely. We value the safety of each member of our community because we know we’re all in this together.
Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
If you require accommodations or assistance to complete the online application process, please contact email@example.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Requisition ID: R-123017