Cyber Security Researcher
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and SummarySenior Specialist, Product ManagementCyber Security Researcher:
The Product Cyber Security Researcher role offers the chance to work with the best and brightest cybersecurity minds in our Data & Services organization to build a cyber risk management product.
Our flagship product equips business leaders to decipher the cyber risks their businesses face in business and financial terms. The platform comprehensively assesses an organization’s cyber posture through various internal and external indicators. Through our platform, this helps the organization’s leaders understand their cyber risk profile and prioritize their cyber investments, considering their ability to handle the most pressing threats their organization faces.
As a Product Cyber Security Researcher, you will join the cyber research team, where you will be responsible for identifying, analyzing, and integrating information security standards and regulations, security technologies, and cyber intelligence into the product and maintaining the product’s risk methodology.
We seek a professional who can learn quickly, take the lead, and be accountable. The candidate should be passionate about research and cybersecurity, be a team player with a creative mindset, and have a can-do attitude to solving problems.
• Identify, analyze, and integrate information security standards and regulations into the product
• Identify, analyze, and integrate cybersecurity technologies into the product and define how the indicators for these technologies can be gathered automatically and scored
• Maintain and update the product’s methodology (e.g., attack methods. threat actors, controls, etc.)
• Identify and design product features
• Collaborate with R&D team to build and integrate these capabilities
• Act as the subject matter expert and provide support to clients with the product's capabilities and methodology
• Five plus years of solid experience conducting risk and security assessments, including cloud security assessments.
• A knowledge of security frameworks such as NIST, ISO 2700X, CRI, FFIEC, Cloud Security Alliance, and other frameworks. Experience in conducting assessments based on standards - advantage.
• A deep knowledge of cyber security technologies. Hands-on experience - advantage
• A deep Knowledge of cyber threat frameworks such as CAPEC, Cyber Kill Chain, and MITRE ATT&CK
• Experience in gathering and analyzing cyber threat intelligence - advantage
• Experience in conducting IoT and OT risk assessments - advantage
• Must have strong analytical and critical-thinking skills
• High attention to detail and a self-starter and learner who can work independently, multi-task, and adjust to shifting priorities.
• Ability to work as part of a global team with global management.
• Experience adhering to rigorous and detailed instructions while also thinking creatively and solving problems
• Great communication skills
• Good teamwork and time management skills
• Strong oral and written communication skills
• Fluent in English
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.