Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Vulnerability Analyst I (Application Security & Penetration Manual Testing, Web Applications, Web Services/ API, Thick Clients, SDKs, Mobile)Overview
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
• The Vulnerability Management team is a dedicated collection of self-organizing, interdependent, co-located individuals representing different functional roles with all the necessary skills to conduct security testing of Mastercard applications and networks.
• Team members are network and application security and penetration testing professionals with various levels of expertise and experience in security testing of web application, mobile applications, APIs, Cloud hosted application, Containers and on-prem data centers.
• The Vulnerability Analyst I is a hands-on professional in application security testing and delivers on individual assignments as well as work within a multi-location team environment.
Role
• Ensuring that all web and mobile applications security tests are conducted within the framework set at Mastercard.
• Ensure that all test cases and tools are used appropriately for testing of various application types.
• Ensuring that all help and guidance is provided to development teams on the vulnerabilities identified in their applications while performing of security testing..
• Identify improvement areas in the security testing domain and implement learnings for the Globally located team.
• Coordinate with application development teams on their demands for security testing and provide a seamless experience with testing and reporting of penetration tests.
• Ready to work with a global team spread across time-zones and geographies.
All About You
• A record of successful delivery of application security testing projects as an individual and team leader.
• Excellent communicator and collaborator
• Problem solver and solution-seeking approach
• Ability to build rapport and relationships
• Understands the full scope of S-SDLC
• Preferably a certified OSCP or SANS GMOB, ESCA or equivalent certification is a must.
• Experience in Cloud based application testing or Bug Bounty programs will be an added benefit.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
