Information Security Engineer

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.Title and SummaryInformation Security Engineer IDS 1261We are seeking a skilled and experienced Security Engineer. You will play a crucial role to ensure products integrate security requirements during design and throughout the product’s lifecycle. You will work closely with various security teams to provide product engineers with security capabilities and recommendations. You'll mentor and guide technology, product and software development teams, ensuring high-quality outcomes, and play a vital role in shaping our technology and security landscape.What You'll Do:Collaborate with software developers, system engineers, and other stakeholders to integrate security controls into the development lifecycleProvide input to designs and architectures that include business and regulatory requirementsProvide guidance on best practices for secure designsGuide developers through proper application development during various design phasesConduct risk assessments and perform threat modeling to identify potential security vulnerabilities and design weaknessesIdentify security controls that will address security gapsEvaluate and recommend security technologies, tools, and servicesPerform security reviews and audits of system designs and implementationsStay updated on industry trends, emerging threats, and best practices in security designsWhat you bring:Strong communication skills with the ability to collaborate with technical and non-technical stakeholdersExperience as a Security Design Engineer or in a similar roleExperience with secure software development methodologies (e.g. OWASP Top 10, CWE/SANS Tops 25, etc.)Knowledge of encryption algorithms, authentication protocols, and secure communication protocolsStrong understanding of network security best practices, security principles and standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, etc.)Understanding of network protocols, architecture, and topology for cloud and on-premises implementationsFamiliarity with cloud security principles and best practices (AWS, GCP, Azure)Ability to perform risk assessments and threat modeling to identify security risks and mitigationsEffective communication and interpersonal skills, with the ability to work collaboratively in a team environmentAdditional nice to have:Technical experience with scripting/programming languagesCISSP, CCSP or industry-recognized / vendor-specific security certification(s)Previous experience in an audited environment complying with common regulation standardsExperience with DevSecOpsRelevant previous experience:Security EngineeringSecurity ArchitectureSecurity ConsultantApplication DevelopmentIncident ManagementSecurity ResearchVulnerability ManagementThreat IntelligenceMastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact [email protected] and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.Corporate Security ResponsibilityAll activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:Abide by Mastercard’s security policies and practices;Ensure the confidentiality and integrity of the information being accessed;Report any suspected information security violation or breach;Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. #J-18808-Ljbffr