The Security Response Analyst II works on insider threat detection by analyzing security events and incidents, coordinating responses, and enhancing security capabilities. Involves collaboration with various stakeholders and continuous process improvement.
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Top Skills
Arcsight
Data Loss Prevention
Microsoft Defender
Microsoft O365 Purview
Rapid7 Insightidr
Sentinel
Splunk
User Activity Monitoring
User Behaviour Analytics
Mastercard Saint Leonards, Victoria, AUS Office
72 Christie St, Saint Leonards, St Leonards, Australia, NSW 2065
Similar Jobs at Mastercard
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead day-to-day operational management and delivery of key client Loyalty programs. Use data and dashboards to identify performance issues, define business requirements, recommend actions, and drive revenue growth while partnering with cross-functional teams and stakeholders.
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Provide commercial legal support to Mastercard Services across Asia Pacific: draft, structure and negotiate complex services and SaaS agreements; advise on IP, data privacy, indemnities, liability and regulatory issues; partner with regional and global teams and business stakeholders; maintain templates and playbooks; manage outside counsel; use AI to drive efficiencies; and support regional initiatives and colleagues.
Top Skills:
AISaaS
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead analytics workstreams for clients by designing and implementing data-driven solutions, analyzing large datasets, synthesizing findings into recommendations, developing client presentations, managing stakeholders, mentoring junior consultants, and contributing to solution development and project management.
Top Skills:
HadoopHiveImpalaExcelMicrosoft PowerpointMicrosoft WordPower BIPysparkPythonRSASSQLTableau
What you need to know about the Melbourne Tech Scene
Home to 650 biotech companies, 10 major research institutes and nine universities, Melbourne is among one of the top cities for biotech. In fact, some of the greatest medical advancements were conceptualized and developed here, including Symex Lab's "lab-on-a-chip" solution that monitors hormones to predict ovulation for conception, and Denteric's vaccine for periodontal gum disease. Yet, the thousands of people working in the city's healthtech sector are just getting started, to say nothing of the tech advancements across all other sectors.
