The Security Response Analyst II works on insider threat detection by analyzing security events and incidents, coordinating responses, and enhancing security capabilities. Involves collaboration with various stakeholders and continuous process improvement.
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Security Response Analyst II (Insider Threat)
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day.
By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission.
Overview
The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard's data, networks, and systems from potential insider threats.
As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat 'Tactics, Techniques, and Procedures' (TTPs). In this role, you will be:
• Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system.• Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability.• Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs)• Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools.• Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team.• Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc).• Reporting and providing metrics to leadership on key performance indicators as needed.• Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met.• Working with other investigative teams, such as the SOC, to resolve high priority incidents.• Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders.• Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set.
All About You
The ideal candidate for this position should: • Experience with investigative or technical report writing.• Familiarity with Security event log analysis and data analytics tools used for Insider Threat such as User Activity Monitoring (UAM) and User Behaviour Analytics (UBA).• Familiarity with Microsoft products such as O365 Purview, Microsoft Defender, Sentinel or DLP for Endpoint.• Experience with Data Loss Prevention (DLP) tools.• Experience in Incident Response and Digital Forensics.• Strong understanding of OSI Model, TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles. • Familiarity with the key high-level differences between Mac and Windows operating systems.• Experience with Security Incident and Event Management (SIEM) tools such as Splunk, ArcSight, Rapid7 InsightIDR etc.• Understanding of web proxies and ability to analyse web proxy logs.• Familiarity with OSINT techniques and threat hunting methodologies.• Excellent written and verbal communication skills to be able to communicate effectively to a wide variety of stakeholders. • Relevant industry certifications such as Security+, GCIA, GCIH, or CISSP are a plus. • Familiarity or training with local privacy laws (GDPR) is beneficial.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Mastercard Saint Leonards, Victoria, AUS Office
72 Christie St, Saint Leonards, St Leonards, Australia, NSW 2065
Similar Jobs at Mastercard
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
As a Software Engineer I in the Mastercard Launch Graduate Program, you will write high-quality code, contribute to software development phases, and collaborate globally to build secure and maintainable software solutions.
Top Skills:
C#JavaJavaScriptPython
3 Hours Ago
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
As an Associate Analyst, you will analyze market data, engage with clients, collaborate across teams, and receive mentorship to impact business strategies positively.
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
The Senior Security Monitoring and Response Analyst handles security incidents, performs technical analysis, leads investigations, and improves SOC operations through mentorship and technology projects.
Top Skills:
CisCloud MonitoringDigital ForensicsIdentity And Access ManagementIso/IecMalware AnalysisNistSansSoc Toolsets
What you need to know about the Melbourne Tech Scene
Home to 650 biotech companies, 10 major research institutes and nine universities, Melbourne is among one of the top cities for biotech. In fact, some of the greatest medical advancements were conceptualized and developed here, including Symex Lab's "lab-on-a-chip" solution that monitors hormones to predict ovulation for conception, and Denteric's vaccine for periodontal gum disease. Yet, the thousands of people working in the city's healthtech sector are just getting started, to say nothing of the tech advancements across all other sectors.
