Lead Information Security Engineer (Cloud)




Toronto, Canada

Why you should apply for a job to Mastercard:

  • 4.7/5 in supportive management
  • 69% say women are treated fairly and equally to men
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.


    Position summary

    nts industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.

    Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

    To support our continued growth and success, we are seeking an Information Security Engineer to design and implement security solutions in support of Ethoca's cloud security strategy. This position will focus on evaluating security posture maturity and ensuring that assets are verifiably protected in alignment with Mastercard control frameworks and technical standards. assist in all operational aspects of our security program with a focus on Cloud. The ideal candidate will also drive several important components of our Information Security Program: vulnerability assessment and penetration testing, SDLC initiatives and application security, software security controls deployment and operation (WAF, vulnerability scanners, container scanners, static code analysis engines).

    If you are looking for a challenge that will allow you to collaborate within dynamic teams and work in a fast-paced environment, this position is for you.


    • Can you demonstrate a strong working level of knowledge in information security and secure development disciplines?
    • Can you assess security controls for cloud native and multi cloud applications and infrastructure?
    • Can you perform security analysis of application architectures and cloud services; identifying methods to mitigate threats, attacks and risks to payment applications?


    • Validate and analyze the risk of security configurations and management practices for cloud environments
    • Develop and implement security solutions to assess the implementation of security controls and assist with compliance activities
    • Collaborate with development and operational teams on process improvements and automation opportunities to gain efficiencies across security domains


    • Advanced knowledge of security capabilities and constraints related to Microsoft Azure services, including relevant practical experience
    • Advanced knowledge of information security, risk management, and data privacy practices
    • Experience identifying and remediating cloud related risks with Cloud Security Posture Management (CSPM) technologies or equivalent solutions
    • Understanding of automation tooling, scripting languages, and continuous delivery/continuous integration processes
    • Demonstrated technical competency in cloud security engineering based on hands-on experience or relevant qualifications
    • Demonstrated effectiveness working in a global environment
    • Ability to communicate effectively and develop solid working relationships across multiple levels and organizational boundaries

    Preference will be given to candidates with working experience in the following areas:

    • Microsoft Azure secure configuration, hardening and monitoring
    • Extensive Linux and Windows administration and troubleshooting experience.
    • Strong familiarity with networking protocols and an ability to dig deep into the stack to identify and troubleshoot common issues.
    • Extensive understanding of PKI infrastructure. An ability to guide and mentor cross-team members regarding best practice to ensure our systems meet the most stringent guidelines.
    • HSM for example Luna 7 or related appliances.
    • Experience building and maintaining vulnerability management systems solutions across development and image publication systems. For example, Github, Bitbucket, Artifactory, Jenkins or related tools.
    • Splunk and Rsyslog filtering.
    • Hashicorp Vault as it pertains to secret and PKI management.
    • SIEMs like QRadar/Splunk or related technologies

    What you bring:

    • Expertise with administration and guidance of the above and related technologies.
    • Bachelor's Degree or equivalent experience/certification
    • Windows and Linux/UNIX administration experience

    Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact [email protected] and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

    Corporate Security Responsibility

    All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

    • Abide by Mastercard's security policies and practices;
    • Ensure the confidentiality and integrity of the information being accessed;
    • Report any suspected information security violation or breach, and
    • Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

    Why you should apply for a job to Mastercard:

  • 4.7/5 in supportive management
  • 69% say women are treated fairly and equally to men
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.