
7 CWE Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 12.0 years

0 Lacs

Pune, Maharashtra

On-site

As a Lead Software Engineer at the Loyalty Rewards and Segments Organization within Mastercard, you will play a crucial role in designing, developing, testing, and delivering software frameworks for use in large-scale distributed systems. In this position, you will lead the technical direction, architecture, design, and engineering practices to create cutting-edge solutions in event-driven architecture and zero trust. Your responsibilities will include prototyping new technologies, designing and developing software frameworks using best practices, writing efficient code, debugging and troubleshooting to improve performance, and collaborating with cross-functional teams to deliver high-quality services. You will balance competing interests with judgment and experience, identify synergies across teams, and drive process improvements and efficiency gains.

To excel in this role, you must have deep hands-on experience in software engineering, particularly in architecture, design, and implementation of large-scale distributed systems. Expertise in event-driven architecture and knowledge of zero trust architecture are essential. Proficiency in Java, Scala, SQL, and building pipelines is required, along with experience in the Hadoop ecosystem, including tools like Hive, Pig, Spark, and cloud platforms. Your technical skills should also include expertise in web applications, web services, and tools such as Spring Boot, Angular, REST, OAuth, Sonar, Splunk, and Dynatrace. Familiarity with XP, TDD, BDD, secure coding standards, and vulnerability management is important. You should demonstrate strong problem-solving skills, experience in Agile environments, and excellent verbal and written communication.

As a Lead Software Engineer, you will have the opportunity to mentor junior team members, demo features to product owners, and take development work from inception to implementation. Your passion for technology, continuous learning, and proactive approach to challenges will drive the team towards success. You will also be responsible for upholding Mastercard's security policies, ensuring information security, and reporting any violations or breaches. If you are a motivated, intellectually curious individual with a strong background in software design and development, this role offers a platform to work on innovative technologies and deliver solutions that meet the needs of Mastercard's customers. Join us in shaping the future of loyalty management solutions for banks, merchants, and Fintechs.

Posted 2 days ago


7.0 - 10.0 years

22 - 30 Lacs

Bengaluru

Work from Office

Skills: SIEM tools (Splunk), SentinelOne, CASB tool (NetSkope), DLP; OWASP, CWE, SANS, NIST; Google, Microsoft, AWS; scripting languages like Python, PowerShell; security certifications (Security+, CEH, ECIH, GCIH); Wireshark and packet sniffing tools; Java, Shell, JavaScript, Python

threat analysis python cloud security software siem tools information security event log analysis adaptability siem planning scripting security people management skill system java team work gcp leadership splunk logging aws programming communication skills architecture

Education: BE/B.Tech/MCA/M.Sc./M.Tech in Computer Science or related discipline

Year of Experience: Minimum 7 to 10 years of experience in the security domain with exposure to Security Products

About the Team & Role:

Position Overview: We are seeking a highly experienced and proactive Information Security Manager to lead our security initiatives. This role requires deep expertise in threat analysis, SIEM tools (Splunk, SentinelOne), and major security frameworks (OWASP, NIST). The ideal candidate will be responsible for identifying and mitigating technical risks, enhancing security tools, preparing intelligence reports, and providing technical leadership to a team. Candidates should have a minimum of 10 years in the security domain, strong experience with cloud security (Google, Microsoft, AWS), scripting (Python, PowerShell), and security event log analysis. Excellent communication and problem-solving skills are essential. Preferred qualifications include SIEM and vulnerability management experience, relevant security certifications (Security+, CEH, GCIH), and a Bachelor's degree in a related field.

What will you get to do here?
• Initial point of contact for client requirements and operational escalation
• Proactively identify technical and architectural risks, and work effectively to mitigate them
• Research, plan, and implement new tool features to make security tools more effective and add value
• Prepare and present Security Intelligence Reports
• Provide technical direction to Associates and Analysts within the team
• Assist in investigations of high-level, complex violations of information security policies
• Report security performance against established security metrics
• Provide deep subject matter expertise in architecture, policy, and operational processes for threat analysis and client escalation
• Provide guidance and support to 3rd-level technical support, including architecture review, rules and policy review/tuning
• Establish and communicate extent of threats, business impacts, and advise on containment and remediation
• Collaborate with other BUs on security gaps and educate teams on cybersecurity importance
• Manage platforms and vendors

What qualities are we looking for?
• Minimum 10 years of experience in the security domain with exposure to Security Products
• Experience with methodologies and tools for threat analysis of complex systems, such as threat modeling
• SME knowledge of SIEM tools (Splunk), SentinelOne, CASB tool (NetSkope), DLP, etc.
• Understanding of major security frameworks (OWASP, CWE, SANS, NIST, etc.)
• SME-level knowledge of the current threat landscape
• Experience securing applications deployed on cloud platforms (Google, Microsoft, AWS)
• Knowledge and experience with scripting languages like Python, PowerShell
• Experience with security operations program development
• Proficiency with security event log analysis and various event logging systems
• Excellent verbal and written communication skills
• Ability to learn and retain new skills in a changing technical environment
• Willingness to learn new technology platforms
• SIEM experience and Vulnerability Management
• Recognized network and security certifications (Security+, CEH, ECIH, GCIH, etc.)
• Experience with Wireshark and packet sniffing tools
• Python development experience
• Bachelor's degree in Computer Science, Engineering, or a related field
• Strong proficiency in programming languages (Java, Shell, JavaScript, Python)
• Excellent problem-solving skills and attention to detail
• Strong communication and teamwork abilities
• Expertise with privacy software

Posted 6 days ago


5.0 - 7.0 years

2 - 7 Lacs

Pune

Work from Office

Job Description:
• Participate in team prioritization discussions with Product/Business stakeholders
• Estimate and own delivery tasks (design, dev, test, deployment, configuration, documentation) to meet the business requirements
• Automate build, operate, and run aspects of software
• Drive code/design/process trade-off discussions within their team when required
• Report status and manage risks within their primary application/service
• Drive integration of services focusing on customer journey and experience
• Understands operational and engineering experience, actively works to improve experience and metrics in ownership area
• Develop complete understanding of end-to-end technical architecture and dependency systems
• Drive adoption of technology standards and opinionated frameworks, and review coding, test, and automation work of team members
• Identify opportunities to improve an overall process and trim waste.

Skills: .NET Core, API Development, SQL Server DB, Windows Services.

Posted 1 week ago


3.0 - 7.0 years

0 Lacs

Pune, Maharashtra

On-site

As a Software Engineer II - Java Backend at Mastercard, you will be responsible for driving development in Java 8 and above using Object Oriented SOLID principles and patterns to create reusable and scalable microservices. You will leverage technologies such as Spring Boot Framework, Cloud Native Technologies, and Event Driven Architecture to build mission-critical software capabilities. Your role will involve implementing different application patterns to support various business processes, ensuring alignment with enterprise architecture and delivering high-quality services into test and production environments.

Your responsibilities will include writing JUnit test cases, utilizing tools like Maven/Ant/Gradle and Git, and applying best development practices to produce well-designed, maintainable, testable, scalable, and secure code. You will implement standard branching and peer review practices, while also using tools like Sonar and Checkmarx to scan and measure code quality. Building test code at unit, service, and integration levels will be essential to ensure code and functional coverage. Additionally, you will develop and implement business requirements in accordance with defined quality and coding standards, agreed design, and architecture.

To be successful in this role, you should have 3-5 years of career experience in Java Development, with expertise in Core Java, J2EE, Spring Boot, and Spring Batch. Experience in Web Services, Microservices, and APIs is crucial, and familiarity with Event Driven Architecture and Cloud Native technologies is advantageous. Knowledge of Middle-tier and Backend development is desirable, along with experience in Wrappers and Angular. Effective communication skills, strong expertise in application development, and an understanding of working with Cloud platforms, performance, and scalability are important. You should also be familiar with secure coding standards, advanced design patterns, and standard branching and peer review practices. If you are a proactive Software Engineer with a passion for Java Development and a strong foundation in Object Oriented SOLID principles, this role offers an exciting opportunity to contribute to the development of innovative solutions at Mastercard.

Posted 2 weeks ago


4.0 - 11.0 years

4 - 11 Lacs

Pune, Maharashtra, India

On-site

Dynamic Yield, a Mastercard company, is seeking a Principal Engineer, File Transfer Services to join our team. This is a hands-on technical leadership role for a recognized authority and technical expert. You will drive innovation and organizational growth through significant code contributions (70% coding focus) and by coaching engineers (30% coaching focus). We are looking for someone passionate about software craftsmanship, who thrives in an IDE, champions modern engineering practices, and is dedicated to building highly resilient and scalable distributed systems.

The Role

As a Principal Engineer, File Transfer Services, you will:
• Hands-on Technical Leadership: Spend the majority of your time coding, writing interfaces, unit/acceptance tests, and defining architecture fitness functions.
• Architectural Excellence: Drive the architectural design for complex enterprise-wide initiatives, including dependent services, interactions, and policies.
• Modern Engineering Practices: Implement and evangelize cutting-edge engineering practices such as Domain-Driven Design (DDD), consumer-driven contracts, feature flags, and fitness functions.
• Code Quality & Security: Implement, monitor, and maintain compliance and security within CI/CD pipelines, upholding the Code is Design and Design is Code principle.
• Polyglot Expertise: Bring advanced engineering practices to life across multiple evolving frameworks, ensuring reduced cost and increased lifecycle value.
• Technical Debt & Refactoring: Proactively identify and resolve technical debt, refactoring code for improved SDLC, performance, and availability.
• Problem Resolution: Own and drive the resolution of complex enterprise-wide initiatives spanning multiple services/programs.
• Product Partnership: Collaborate with business/product owners to architect and deliver new services and product bundles.
• Agile Contribution: Actively participate and contribute to the team's agile process, understanding and driving prioritization decisions and trade-offs.
• Customer Experience: Take ownership of improving the customer experience across entire sets of services/applications.
• Mentorship & Guild Leadership: Contribute to and lead Guild initiatives, mentoring engineers at all levels to enhance software engineering craftsmanship.
• Strategic Impact: Simplify and improve the cost/benefit of functions, services, and architecture strategies.
• Thought Leadership: Engage in organization-wide and public speaking, and publish white papers/blogs on relevant and emerging technical topics.
• Cross-Organizational Influence: Consult across teams and organizational lines to identify synergies and reuse opportunities.
• Hiring & Culture: Conduct technical interviews to raise the performance bar for engineering staff and identify/address siloed behaviors.

All About You

• Systems Expertise: Expert in building highly resilient and scalable distributed systems, with deep exposure to various database, messaging, and caching technologies.
• Polyglot Development: Proven design and development experience in multiple languages (e.g., Java, .NET, JavaScript, SQL), adhering to secure coding standards (e.g., OWASP, CWE, SEI CERT).
• DevOps & Cloud: Expert understanding and experience of DevOps best practices, with a strong preference for Infrastructure as Code and cloud-first software development (e.g., A/B testing, canary releases, blue-green deployment, feature flags).
• CI/CD: Experienced in Continuous Integration (CI) and Delivery (CD) concepts, automation, pipelines, virtualization, and containerization.
• Operating Systems: Understands internals of operating systems (Windows, Linux, Mainframe) to write interoperable and performant code.
• Architectural Principles: Skills to develop and evangelize reference architecture and run principles (e.g., poison pill, active/active/active, auto-scaling, self-healing).
• Design Patterns: Understands use cases for advanced design patterns (e.g., service-to-worker, MVC, API gateway, dependency injection).
• API Standards: Implements Application Programming Interface (API) standards and cataloging to drive API/service adoption and commercialization.
• Full Stack & Ownership: Skills to promote and coach teams on full-stack development and end-to-end service ownership.
• Mentorship & Estimation: Experience in leading and coaching teams in software planning and estimation for complex programs, and driving trade-off discussions.
• Automation & Performance: Experience in designing and executing automation across business areas, with strong performance engineering skills.
• SDLC Optimization: Skills to evaluate practices, metrics, and roles to continually optimize SDLC methodologies and automate processes.
• Cloud Cost Analysis: Skills to perform architecture and cost analysis for internal, hybrid, and public cloud environments.
• Communication: Skills to succinctly articulate complex system architecture patterns and their business implications to executive and customer stakeholders.
• Operational Resilience: Skills to define and drive advanced chaos and other operational testing practices to test points of failure.
• Modern SDLC: Experienced in Agile and modern SDLC practices (Scrum/Kanban/Continuous Delivery/DevOps/Quality engineering).

Dynamic Yield is an Equal Opportunity Employer.

Posted 1 month ago


3.0 - 7.0 years

3 - 7 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Roles and Responsibilities:
• Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
• DAST: Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issues only visible during code execution.
• During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities.
• Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users.
• Validation: Supplier will perform manual validation and false-positive analysis on the automated scan results.
• Remediation Support: The remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
• Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.
• Complex application testing and remediation/mitigation recommendation author
• Technical leadership of group of less experienced testers.
• Adversary based approach to test plan development
• Attempt to access unauthorized data
• Attempt to make unauthorized changes
• Bypass business logic, authentication, user privileges, etc.
• Hijack accounts (Does not include social engineering methods)
• Attempt to exploit OWASP Top 10 vulnerabilities
• EcoSystem Testing
• All forms of application security testing, attempt to exploit
• All forms of device security testing, attempt to exploit
• All forms of database security testing, attempt to exploit
• Full Stack review, weakness enumer

Posted 1 month ago


3.0 - 7.0 years

3 - 7 Lacs

Hyderabad / Secunderabad, Telangana, India

On-site

Roles and Responsibilities:
• Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file.
• DAST: Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issues only visible during code execution.
• During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities.
• Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users.
• Validation: Supplier will perform manual validation and false-positive analysis on the automated scan results.
• Remediation Support: The remediation support will analyze the top-rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks.
• Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams.
• Complex application testing and remediation/mitigation recommendation author
• Technical leadership of group of less experienced testers.
• Adversary based approach to test plan development
• Attempt to access unauthorized data
• Attempt to make unauthorized changes
• Bypass business logic, authentication, user privileges, etc.
• Hijack accounts (Does not include social engineering methods)
• Attempt to exploit OWASP Top 10 vulnerabilities
• EcoSystem Testing
• All forms of application security testing, attempt to exploit
• All forms of device security testing, attempt to exploit
• All forms of database security testing, attempt to exploit
• Full Stack review, weakness enumer

Posted 1 month ago
