• Design, build, and deploy agentic harnesses and LLM-integrated workflows from prototype through production within existing platforms • Define and own performance benchmarks to evaluate reliability, accuracy, and continuous improvement of agentic pipelines • Evaluate and recommend emerging AI tools, models, and platforms for adoption • Identify, develop, and maintain AI-powered automations and tools that improve efficiency across service delivery, operations, and sales functions throughout the Northeast region • Lead workflow assessments to identify opportunities for agentic automation and design repeatable, scalable delivery frameworks • Own documentation, testing, and iteration on productized AI components and proof-of-concept builds for internal and client audiences • Design and deliver enablement programs that build regional teams' capability to independently operate, maintain, and extend agentic harnesses • Develop training materials and lead workshops that build agentic AI literacy across functional teams, including handoff documentation and runbooks • Other duties as assigned

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Information Security Engineer Job Description Summary Mission First, People Always As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day. By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission. Overview The Cloud Security team is looking for an Information Security Engineer II to join our team to support the design and implementation of cloud native and cloud agnostic security solutions in support of Mastercard's cloud security strategy. This position will focus on enabling business opportunities by ensuring the secure deployment of Mastercard applications and services. The ideal candidate is passionate about cybersecurity policies and governance, highly motivated, intellectually curious, and analytical. Key Responsibilities In this role, you will:• Perform technology evaluations, supporting business case development, test case definition, and vendor selection based on industry standard criteria.• Support the design, test, and implementation of security solutions to meet security and regulatory requirements for cloud environments.• Support senior cloud security engineers and development and operational teams to securely design applications and services following industry best practices.• Cultivate and maintain working relationships with variety of internal stakeholders, including business owners, end-users, customers, project managers, engineers, and leaders.• Demonstrate a working knowledge of information security principles, theories, and concepts.• Support security analysis of application architectures and cloud services. All about you:• 1-3 years of experience, ideally with exposure to AWS and/or Azure environments.• Strong understanding of information security (cybersecurity) fundamentals, risk management, and data privacy - especially in fintech.• Familiarity with both the capabilities and limitations of cybersecurity as it relates to cloud-native and multi-cloud applications and infrastructure.• In-depth knowledge of networking, firewalls, and application security principles.• Strong understanding of identity management, user authentication, and authorization.• Ability to work independently, showing initiative and autonomy in managing projects and tasks. NICE Framework References Mastercard Corporate Security Roles have been aligned with the NICE framework (National Initiative for Cybersecurity Education). For this role the NICE Work Roles most closely aligned are:• Cybersecurity Architecture• Secure Systems Development• Security Control Assessment• Systems Authorization• Systems Security Management Corporate Security Responsibility Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must: • Abide by Mastercard's security policies and practices.• Ensure the confidentiality and integrity of the information being accessed.• Report any suspected information security violation or breach, and• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: - Abide by Mastercard's security policies and practices; - Ensure the confidentiality and integrity of the information being accessed; - Report any suspected information security violation or breach, and - Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

Role Description As an Information Security Engineer III, you will work on securing applications across InComm Payments by integrating security tools into CI/CD pipelines, conducting threat modeling, and supporting incident response. The role involves: - Integrating SAST tooling into CI/CD pipelines, ensuring compatibility and efficient scanning within development workflows. - Providing tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements. - Analyzing application logs for anomalous patterns, communicating findings to leadership, and persuading them to take appropriate action. - Participating in on-call rotation in support of WAF incidents. - Validating security vulnerabilities identified by automated tools and fine-tuning configurations to minimize false positives and reduce noise. - Developing threat models with development teams to help expose risks in their deliverables. - Conducting regular assessments of security configurations and controls within Azure, AWS, and OCI environments. - Assisting in investigating security incidents with CSOC and implementing corrective actions. - Participating in application design and architectural reviews. - Facilitating activities such as blue/red team events and bug bounty programs. - Leading prioritization discussions to gain traction on important security issues. - Acting as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation. - Drafting, evaluating, and monitoring compliance with application and development security standards. - Ensuring development teams are validating for OWASP Top 10 and performing industry-leading application security practices. Qualifications - 5+ years of application security experience. - Strong background with CI/CD processes and associated tooling, such as Jenkins, GitHub Actions, Azure Pipelines, or similar. - Strong scripting experience – PowerShell, Python, etc. - Extensive experience with SAST & DAST application scanning tools and knowledge of OWASP methodologies. - Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP). - Experience with Container technologies – Docker, Docker Swarm, Kubernetes. - Experience in cloud security, specifically with Azure, AWS, and OCI, preferably in the Fintech or related sectors and multi-cloud environments. - Knowledge of Web Application Firewalls (WAF). - Experience with Identity and Access Management security solutions and protocols (e.g., SAML, OpenID, and OAuth). - Experience with performing web, API, and mobile manual penetration testing; preparing reports to document findings; and presenting the report to development teams. - Familiarity with regulatory controls and industry best practices such as HIPAA, PCI, HiTrust, NIST etc. - Communication skills to create documentation, videos, and conduct training classes. - Ability to manage multiple tasks simultaneously and meet established deadlines. - Ability to collaborate with IT teams on security-related tasks and projects. - Ability to work productively while remote and communicate effectively in a virtual team environment. - Ability to stay current with new technology. Company Description InComm Payments is a pioneer in the payment (FinTech) industry, founded over 30 years ago. We have grown to a team of over 3,000 employees in 35 countries, owning over 400 global technical patents and a network that includes over 525,000 points of retail distribution. We work with the most recognized and valued brands in the world and are highly focused on our people and their growth, valuing innovation, quality, passion, integrity, and responsibility.

• Lead and deliver complex security engagements centered on Azure Security, Identity & Access Management (IAM), and Microsoft Purview / AI Governance. • Serve as a principal-level architect, thought leader, and trusted advisor who shapes secure cloud, data, and AI governance strategies for enterprise clients while remaining deeply engaged in delivery. • Provide senior technical leadership across multiple strategic client engagements. Lead executive and architectural design sessions, define target-state security architectures, and guide delivery teams through implementation with a strong focus on quality, scalability, and measurable business outcomes. • Act as a trusted advisor to client stakeholders, including security, infrastructure, data, and executive leaders. Shape security roadmaps, advise on operating models and governance, and bring forward innovative perspectives on Azure security, identity modernization, data protection, and AI governance. • Remain hands-on in delivery while overseeing complex programs from strategy through implementation. Partner with delivery leadership to align milestones, manage technical risk, remove blockers, and ensure successful outcomes across architecture, implementation, and adoption phases. • Design and lead implementation of enterprise security architectures across Azure and hybrid environments, including Microsoft Entra ID, Conditional Access, Identity Protection, Privileged Identity Management (PIM), role-based access control, Zero Trust controls, workload protection, and security monitoring patterns aligned to least privilege and strong governance. • Lead engagements focused on Microsoft Purview, information protection, data security posture management, data loss prevention, compliance, and governance for Copilot, AI applications, and AI agents. Help clients establish secure and compliant approaches for data access, policy enforcement, monitoring, lifecycle management, and responsible AI enablement. • Contribute approximately 25-30% of role capacity to sales enablement and solution development activities. Partner with account teams and solution leaders to shape opportunities, lead discovery conversations, develop solution approaches, support estimates and statements of work, contribute to proposals, and articulate differentiated value in client pursuits. • Help scale the security practice through reusable assets, reference architectures, accelerators, and delivery standards. Mentor architects and engineers, coach teams on emerging Microsoft security capabilities, and strengthen organizational readiness across Azure security, identity, data governance, and AI security disciplines.