Description
Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Senior Information Security Engineer OverviewMastercard's Vocalink Security Monitoring Engineering (SME) team is looking for a Senior Information Security Engineer to manage SIEM content, to monitor and detect cyber security threats & incidents. The ideal candidate is highly motivated, intellectually curious and analytical. The role requires a blend of cybersecurity experience and highly developed communication skills. The purpose of this role is to enhance security monitoring tooling, detections and incident response capabilities using SIEM solutions to provide a single view of the environment. A good working knowledge of Splunk SPL is essential for this role.
In this role, you will:
• Work closely with the Security Operations Center (SOC), Security Engineering, Application and Cloud support teams to improve existing security monitoring and deliver resilient and comprehensive security solutions
• Onboard data to the required standards, maintain and tune log sources, data contents, and use cases
• Provide evidence of compliance for our audited environments (including PCI, ISO27001, & ISAE3000)
• Define how logs should be parsed and ingested for best practice
• Engage with other teams to ensure that the SIEM is performing to standard with all necessary logging sources monitored
• Analyse, design and deliver solutions to detect and stop adversaries
• Propose additional Security Monitoring Use Cases
• Define thresholds and baselines to aggregate similar events then write correlation rules
• Ensure SIEM technologies are integrated & utilised to protect cyber related assets
• Support the operation of the comprehensive SIEM platform
• Analyse SOC alerts statistics and workflows to reduce false positives and increase fidelity.
• Manage and improve SIEM infrastructure to improve detection flexibility and reliability.
• Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
• Research new security technologies and their applications to SIEM, SOAR, and cloud environments
• Work with project teams to scope and deliver security related solutions
• Support relationships with 3rd party vendors to enhance monitoring
• Contribute to requirements for other security (and allied) technologies such as Endpoint/Network Detection & Response, Intrusion Detection/Prevention, Web Proxies etc
All About You
• Senior level experience within a logging and monitoring function, with functional knowledge of a Security Operations Centre, preferably within a Regulated Financial Services business
• Familiar with different log onboarding techniques in Splunk including syslog, HTTP event, Universal Forwarder, DB Connect and API queries
• Has ability to write SPL and use and populate data models
• Previous experience in an audited environment complying with common regulation standards
• Experience with other common Security Monitoring technologies
• Ability to understand technical analysis that demonstrates the effectiveness of
security enforcing technologies
• Knowledge of global security and reporting standards such as NIST and MITRE
• Common Cloud based platform technology experience is beneficial
• Delivery mind-set supported by ability to execute in a complex technical environment
• Experience collaborating cross-functionally to identify and implement best practice security, logging and monitoring processes
• Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner
• CISSP, GIAC certifications or equivalent
• Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), ATT&CK Tools, Techniques and Procedures (TTPs)
• The Ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment
• Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner
• The ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment
• Flexible to provide on-call support 24/7 in the future if required
• Ability to obtain SC clearance
• Able to visit the office regularly (Dunstable or London)
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Apply on company website
Find Connections via Linkedin
