Senior Vulnerability Analyst in London

The Senior Vulnerability Analyst is accountable for supporting the vulnerability scanning capability within the Vulnerability Management function. This includes scanning platforms, ensuring timely and accurate vulnerability identification, and driving improvements to coverage, automation, reporting, and overall scan effectiveness. You will act as a subject‑matter expert for vulnerability scanning – ensuring vulnerabilities are accurately detected, communicated to stakeholders, and aligned with Mastercard's broader security strategy. You will also contribute to continuous improvement across the vulnerability management lifecycle.

Operations

• Support the Vulnerability Scanning team.
• Oversee daily scanning operations, ensuring accuracy, completeness and adherence to SLAs.
• Ensure timely delivery of scan results, reporting, and escalations.

Technology Ownership

• Maintain the vulnerability scanning toolsets across infrastructure, applications, cloud and network environments.
• Ensure scanning coverage remains complete and up to date across all assets.
• Monitor scan performance, tune configurations, and optimise scanning processes.
• Champion automation and integration with asset management tools.

Governance, Controls & Standards

• Maintain policies, standards and processes related to vulnerability scanning.
• Ensure alignment with Mastercard security policies, regulatory requirements, and industry best practices.
• Support audits, compliance reviews and evidence requests relating to scanning.

Analysis, Reporting & Continuous Improvement

• Provide expert interpretation of scan results, threat alerts and vulnerability intelligence.
• Deliver high‑quality management information, dashboards and reporting to senior leaders.
• Identify and drive continuous improvements in scanning effectiveness, coverage and process efficiency.
• Propose enhancements to technology, workflows or methodologies based on metrics and stakeholder feedback.

Collaboration & Stakeholder Engagement

• Act as a point of contact for scanning‑related queries.
• Partner closely with remediation teams, threat intelligence, engineering, and application teams.
• Contribute to incident response and investigations where vulnerabilities are involved.
• Represent the scanning function in cross‑functional projects and working groups.

Corporate Security Responsibility

• Every colleague working for or on behalf of Mastercard is responsible for protecting our information assets.
• Abide by Mastercard's security policies and practices.
• Ensure confidentiality, integrity and appropriate use of information.
• Report any suspected security incidents or breaches.
• Complete required security training as mandated.

Qualifications

• Demonstrable experience leading a vulnerability scanning or vulnerability management team.
• Strong technical expertise with enterprise vulnerability scanning technologies (e.g., Tenable, Qualys, Rapid7, Prisma, or equivalent).
• Strong understanding of network, cloud, application and container security principles.
• Experience implementing vulnerability management strategies, tools and process improvements.
• Solid understanding of malware behaviours, attack vectors, and exploit methodologies.
• Excellent knowledge of security standards, frameworks and regulatory expectations.
• Strong analytical and problem‑solving skills.
• Ability to interpret vulnerability data and communicate in business‑friendly language.
• Strong understanding of network design, traffic flows, and firewall architecture.
• Excellent communication and presentation abilities.
• Ability to prioritise and manage competing demands in a fast‑paced environment.
• Strong business acumen and ability to influence across technical and non‑technical teams.