The Security Response Analyst II works on insider threat detection by analyzing security events and incidents, coordinating responses, and enhancing security capabilities. Involves collaboration with various stakeholders and continuous process improvement.
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Top Skills
Arcsight
Data Loss Prevention
Microsoft Defender
Microsoft O365 Purview
Rapid7 Insightidr
Sentinel
Splunk
User Activity Monitoring
User Behaviour Analytics
Similar Jobs at Mastercard
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead client engagements, develop marketing strategies, manage vendor relationships, mentor junior consultants, and communicate effectively with stakeholders in a fast-paced environment.
Top Skills:
ExcelPower BIPowerPointTableauWord
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead analytics workstreams for clients by designing and implementing data-driven solutions, analyzing large datasets, synthesizing findings into recommendations, developing client presentations, managing stakeholders, mentoring junior consultants, and contributing to solution development and project management.
Top Skills:
HadoopHiveImpalaExcelMicrosoft PowerpointMicrosoft WordPower BIPysparkPythonRSASSQLTableau
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
The Debit Portfolio Senior Specialist is responsible for driving growth in Mastercard's debit portfolio, identifying new business opportunities, and building strong customer relationships to deliver tailored debit solutions.
Top Skills:
ExcelPowerPoint
What you need to know about the Sydney Tech Scene
From opera to comedy shows, the Sydney Opera House hosts more than 1,600 performances a year, yet its entertainment sector isn't the only one taking center stage. The city's tech sector has earned a reputation as one of the fastest-growing in the region. More specifically, its IT sector stands out as the country's third-largest, growing at twice the rate of overall employment in the past decade as businesses continue to digitize their operations to stay competitive.
