Security Operations Center Incident Response (SOCIR) Lead Analyst

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Security Operations Center Incident Response (SOCIR) Lead Analyst

Overview

The Security Operations Center Incident Response (SOCIR) is a high-performance team responsible for responding to security incidents using digital forensics and incident response (DFIR) expertise. The team closely collaborates with the monitoring team to effectively detect and mitigate incidents. The Lead Incident Response Analyst is an member of the Incident Management function, responsible for handling escalated, high priority incidents as well as preparing capability and process improvement.

• Do you want to be part of the team handling complex technical monitoring and response functions during a security incident?
• Have you provided technical leadership or oversight to junior analysts?
• Do you want to improve security operations through technical projects and data analysis?

Role

• Takes ownership of Incidents reported to the Incident Response Team end to end, including assuming the role of Incident Commander for high priority incidents.
• Regularly reviews lessons learned and IR team issues to inform capability and process improvement efforts.
• Performs forensic analysis for security Incidents, including for cases of malware, web attacks, lateral movement, and other ad hoc issues as they arise.
• Represents the SOC in the European Cyber Resiliency Center (ECRC) through outreach, presentations, and participating in ECRC led initiatives.
• Engages in Threat Hunting and Detection Engineering initiatives to better prepare the organization for emerging threats.
• Maintain on-call availability to handle escalated events as assigned.
• Mentor and coach SOC and junior SOCIR staff members to assist with improving operations and increasing their capabilities.

All About You

• Hold or able to gain one or more recognized security industry certifications like Security+, CEH, CISSP, CISM, SANS GSEC/GCIA/GCIH etc.
• Three years of technical security experience, with exposure to Digital Forensics/Incident Response (DFIR) functions.
• Experience with a SIEM tool and/or security orchestration applications
• Strong understanding of ATT&CK Framework, Common Web Attacks, NIST or ISO Incident Handling Procedures, Knowledge of Windows and Unix Based Operating Systems, and Networking Principles.
• Experience with PowerShell, bash, python, or other scripting languages desired.
• Demonstrated ability to work effectively in ambiguous and/or high-pressure situations.
• Experienced with root cause analysis and proven ability to communicate security findings clearly to technical and non-technical teams.
• Availability for on-call rotations for escalations during weekends and holidays in a follow the sun model.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.