Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team - one that makes better decisions, drives innovation and delivers better business results.
Want more jobs like this?
Get jobs in O'Fallon, MO delivered to your inbox every week.
Title and Summary
Lead Software Engineer
Overview
• The Cryptographic Security Team is a dedicated collection of self-organizing, high-performing, interdependent individuals representing different functional roles with all the necessary skills to create the foundational capabilities that application teams develop on top of it.
• This position serves as a technical leader within a team tasked with guiding the design, development, and delivery of significant cross-departmental initiatives that have a wide scope and long-term business impact.
• Candidates must be able to obtain a deep technical understanding of the applications/systems that they are working on and must be willing to dig in and ask challenging questions to make sure that plans are executed efficiently.
• Candidates should have a strong interest in Corporate Security Engineering.
• Candidates must demonstrate strong engineering and technical leadership and the ability to engage in out-of-the-box problem-solving.
• Candidate will be responsible for researching alternative technical solutions for changing business needs.
Role
• Provide technical design and architecture advice to internal teams on securely developing and building applications and supporting systems pertaining to HSM.
• Create and execute automated processes for configuring, deploying, and upgrading HSM devices.
• Define secure mechanisms for critical business functions for both on-premises and in-cloud environments
• Work closely with Hardware Security Module vendors to follow up on product lifecycle, roadmap, new functionalities, and issues.
• Assist in the strategy, standards, and architecture for the cryptography, PKI, and key management aspects of the SDLC, including application, mobile, web service, DevOps, cloud, and CI/CD efforts
• Execute and own the baseline architecture implementations and design activities, collaborating with other engineers and engineering teams.
• Regularly communicate with management about risk analysis and design trade-offs.
• Work on Pre SDLC or Discovery activities, owning and contributing to assigned activities related to technical feasibility & assessment and providing responses.
• Provide guidance to teams on development standards, automation, and tools.
• Identify performance bottlenecks and come up with novel ways to solve them.
• Work to define feature requirements and deliver the product that materially impacts the business and improves the consumer experience.
All about you
• Demonstrate a profound mastery of software engineering concepts and practices across all phases of the software development lifecycle, showcasing an exceptional breadth of knowledge and insight.
• Knowledge of cryptography, including several of the following: encryption, hashing, key management, digital certificates, TLS, PKCS#11, and confidential computing
• Possessing over a year of extensive hands-on experience with any of the HSM such as Luna, Entrust, Utimaco, and Payshield.
• Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications
• Working knowledge and technical security experience with UNIX, Linux, FreeBSD, AIX, or Windows.
• Hand-on experience in Shell Scripting (Unix/Windows)
• Proficient in any of the following programming languages: Java, Python or Rust.
• Fundamental understanding of private or public cloud ecosystems and CI/CD practices.
• Desire to stay abreast of new development technologies and tools.
• Demonstrate the ability to articulate and communicate effectively to diverse audiences, properly translate security and risk management terminology into business terms, and recommend alternative solutions to these stakeholders.
• Excellent interpersonal skills and ability to work in a collaborative environment.
• Strong communication skills, with an ability to express design ideas to a development team.
• BS in Computer Science or related technical field or equivalent practical experience.
Nice to have
• Working experience in a continuous integration development environment, preferably Jenkins.
• Proficiency in C, along with experience in multithreading and memory management
• Experience in secure software development.
Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.