In this role you'll be responsible for triaging alerts and responding to security incidents. When not actively engaged in ongoing incidents, the team works on the improvement and streamlining of the detection and response function.

Role Responsibilities

Providing monitoring coverage, triage and investigation of escalated alerts (T3) from various sources.

Responding to cybersecurity incidents through critical thinking, defining, and applying playbook responses

Applying root cause analysis and lessons learned to improve security posture and processes

Working closely with security engineering, threat intelligence, insider threat and a managed SOC service, providing critical feedback to improve and automate monitoring and response

Strong collaboration with the team to develop knowledge base, playbook and use cases.

Proactive initiatives and project-related support by providing subject matter expertise

Ability to work independently as well as collaborate with different teams to assess impact, mitigate risk, and resolve security incidents.

Qualifications

Required Experience:

Direct experience in a Security Operations Center (SOC).

Experience working in an incident response or digital forensics role.

Demonstrated experience with cybersecurity related disciplines, not limited to:

e.g. vulnerability research, network traffic analysis, static and dynamic malware analysis, digital forensics, memory analysis, web-security and threat hunting.

Preferred Experience:

Experience in creating queries and alerts in a SIEM, preferably in SPL.

Experience with Windows/Unix OS forensics.

Experience with Cloud Security (Azure, AWS, GCP).

Experience working with NDR/EDR solutions

Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), ATT&CK Tools, Techniques and Procedures (TTPs).

Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner.

CISSP, GIAC certifications or equivalent.

The Ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.