AddressOur Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Lead Network Security EngineerOverviewAs a Lead Network Security Engineer, you would be focused on build, implementation, and support of Mastercard ONE (RTP & Applications) platforms.
The role requires a focus primarily with the administering and handling for all compliance process, audit, and vulnerability management across the Mastercard ONE (RTP & Applications) environments.
The role also requires thought leadership and an ability to drive IT initiatives that continually improve our efficiency, agility, performance, availability, and operational excellence.
Responsibilities
• Hands on Switching, Routing, Firewalls, Load balancing and Security Networking experience on Cisco, Palo Alto and F5.
• Complete, deliver, and maintain security/regulatory compliance for build standards, configuration templates and internal and external audit responsibilities i.e., PCI DSS, ISO, ISAE.
• Solicit and action regular product announcements from vendors (Cisco, Palo Alto, F5).
• Responsible for version control and performing upgrades / updates across all network devices.
• Handle all internal and external vulnerability notifications and providing consultancy for compliance actions.
• Ensure our asset inventory is maintained, and all network assets are included in automated reporting across the toolsets.
• Develop and maintain documentation / reporting related to security processes, systems, procedures, and events.
• Identify process improvement needs related to design practices, secure coding guidelines, supplier / component security, vulnerability intake and management, threat mitigation and testing.
• Strong communication and technical skills with the ability to manage customer expectations and communicate between business and technical teams.
• Ability to prioritise workloads, when required, schedule and oversee preventative and remedial action whilst adhering to strict change management policies and procedures in an ITIL environment.
• Research new methodologies to improve security and development practices.
• Applies technical capabilities and guidance within own discipline to mentor and develop employees.
All About You/Experience
In this role you will need to be able to do, and have experience of, the following:
• Experience in using and administering Skybox.
• SIEM technology experience - desirable.
• Must have a good working knowledge of the following protocols and technologies – IPSec, VPN, TCP/IP, SSL, TLS, IDS / IPS, SSH, SNMP, NTP.
• Must have a good working knowledge of the following routing and switching protocols - RIP, OSPF, BGP, EIGRP, all STP variants, HSRP or equivalent.
• Forensic analysis experience using SNMP, Syslog, Packet based analysis tools.
• Practical knowledge of threat detection, intrusion prevention / detection techniques and attack vectors.
• Strong written & verbal skills required to produce & present risk assessment and regulatory reporting.
• Strong Routing, Switching and Firewall skills are essential.
• Hold a current industry related security certification (CISSP, CISA, CISM) – desirable.
• Previous experience working as part of Network or IT Security team within a high availability financial services or web facing environment.
• Working knowledge of PKI, Certificate Management processes.
• Willing to travel between our sites as required.
Desirable Experience
Relevant security certifications (CISSP, CISM, CSSLP, CISA).
• Proven experience working in an environment that is certified and compliant with globally recognised Security Framework / Information Security Management System (PCI, ISO, ISAE).
• Experience of Privileged Access Management, Secrets Management, PKI, Cryptography or Security Logging.
• Experience in using and administering CMDB and Archer Management systems.
• Experienced in the use of JIRA/Confluence and Remedy.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
