Senior Vulnerability Analyst – Penetration Tester

Mastercard

Vue: 160

Jour de mise à jour: 16-11-2025

Localisation: Waterloo Walloon Brabant

Catégorie: Ventes

Industrie: IT Services IT Consulting Internet Publishing Financial Services

Niveau: Associate

Type d’emploi: Full-time

Loading ...

le contenu du travail

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Job Title

Senior Vulnerability Analyst – Penetration Tester

Overview

The Vulnerability Management team is looking for a Senior Vulnerability Analyst – Penetration Tester to identify, test, and report security weaknesses in networks, systems and applications. The ideal candidate is passionate about cyber security, highly motivated, intellectually curious, analytical, and possesses an innovative spirit.

Role
  • Assess an organizations risk posture based on the resident vulnerabilities and prioritize courses of action to reduce risk.
  • Document and formally report testing initiatives, along with remediation recommendations and validation.
  • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
  • Work closely with the Mastercard Intelligence Center to leverage intelligence sources, identify new threats in the wild and verify the organization’s security posture against them.
  • Develop and maintain tools and scripts used in penetration-testing.
  • Support purple team exercises designed to build strength across disparate teams.
  • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
  • Partner with teams across the organization to drive the identification and remediation of vulnerabilities globally

All About You

The ideal candidate for this position should:
  • At least 3-5 years’ experience in information security administration, offensive tactics, monitoring and IR.
  • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
  • Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
  • Strong operating system knowledge across *nix, Windows and Mac; proficient with networking protocols.
  • Ability to obtain and maintain persistence within corporate systems, while avoiding detection.
  • Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
  • Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)

COVID-19 Considerations

We value the safety of each member of our community because we know we’re all in this together. In many locations, which may change over time, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.

In the US, Mastercard is a government contractor, which may legally require most Mastercard employees to be vaccinated unless a verified approved medical or religious exemption is granted. Further, we are currently making every effort towards having employees return to work in the office 2 days per week, if that makes sense for their team. Everyone must be vaccinated to enter Mastercard offices at this time. Therefore, we expect all candidates to be vaccinated or to be approved for a medical or religious accommodation prior to commencing work at Mastercard.

Corporate Security Responsibility

Responsibilities

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must
  • Abide by Mastercard’s security policies and practices;
  • Ensure the confidentiality and integrity of the information being accessed;
  • Report any suspected information security violation or breach, and
  • Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Loading ...
Loading ...

Date limite: 31-12-2025

Cliquez pour postuler pour un candidat gratuit

Postuler

Signaler des emplois
Loading ...

MÊMES EMPLOIS

Loading ...
Loading ...