Security Response Analyst II (Insider Threat)

Our PurposeMastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible.

Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title And

Summary

Security Response Analyst II (Insider Threat)Mission First, People AlwaysAs Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.

By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.

Overview

The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard’s data, networks, and systems from potential insider threats.

Requirements

• As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system.
• You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements.
• Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat ‘Tactics, Techniques, and Procedures’ (TTPs). In this role, you will be: Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.
• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.
• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs) Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.
• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.
• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc). Reporting and providing metrics to leadership on key performance indicators as needed.
• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.
• Working with other investigative teams, such as the SOC, to resolve high priority incidents.
• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.
• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
• All

About You

The ideal candidate for this position should:  Experience with investigative or technical report writing. Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.

Experience with Data Loss Prevention (DLP) tools. Experience in Incident Response and Digital Forensics. Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. Familiarity with the key high-level differences between Mac and Windows operating systems.

Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc. Understanding of web proxies and ability to analyse web proxy logs. Familiarity with OSINT techniques and threat hunting methodologies. Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders.

Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. Familiarity or training with local privacy laws (GDPR) is beneficial.

Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

Abide by Mastercard’s security policies and practices;Ensure the confidentiality and integrity of the information being accessed;Report any suspected information security violation or breach, andComplete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.