Security Assessment & Remediation (Red Team), Vice President

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary:

Being part of the Red Team provides you with the opportunity to work on the cutting edge of cybersecurity and help drive the improvement of detection capabilities as well as strengthening of defenses to improve our overall security posture. As the senior member of the team, you will lead junior team members and provide guidance on complex projects.

Major Responsibilities

With your deep expertise and proven success using analytical thinking and iterative problem-solving, you have what it takes to strategically and tactically manage programs and processes. Whether balancing the needs of multiple stakeholders or making sound decisions using data, analysis, past experience, and a risk mindset, you will serve as a trusted advisor who routinely solves complex business problems and delivers against milestones. In the process, you will have exciting opportunities to develop your skills, expand your network, and build your career.

Details:

• Conduct Red Team assessments that require expertise in social engineering, application security (web and mobile), physical intrusion methods, lateral movement, threat analysis, and all other Red Team capabilities.
• Recommend fixes and mitigation for identified vulnerabilities and create comprehensive and accurate reports and presentations for both technical and executive audiences.
• Mentor and manage team members.
• Develop and maintain tools and scripts used in penetration-testing and Red Team processes.
• Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
• Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers.
• When necessary, assist in incident response tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress.
• Develop, publish, and maintain team procedures and documents.  
• Assess the efficiency, relevance, and integrity of collected data.
• Design, implement, and collaborate on a range of information security metrics and performance reports.
• Maintain familiarity with industry trends and security best practices.

Qualifications

• Bachelor's Degree in Computer Science or related fields; applicable specialized training; OR equivalent work experience - equally preferable.
• OSCP, OSCE, CRTO, GPEN/GWAPT or other offensive security certifications desired.
• A combined minimum 6-8 years’ experience in technology and executing CyberSecurity Assessments, providing guidance to business stakeholders, and interpreting and applying policies and standards, penetration testing, vulnerability management, Red Teaming.
• Demonstrated operational experience in leading, hiring, training, retaining, and mentoring other members of the Red Team.
• Experience in planning and executing advanced attacks that evade network and endpoint security controls to demonstrate the potential adverse impact caused by a threat actor.
• Experience in developing, extending, or modifying exploits and offensive security tools (shellcode, implants, reflective loaders, etc.), as well as operational experience in exploitation, lateral movement, and persistence on Windows and Linux systems, bypassing preventative and detective endpoint and network security controls, C2 frameworks, using common offensive security tools (nmap, CrackMapExec, Impacket, Responder, etc.)
• Experience with cybersecurity standards (NIST CSF, NIST SP 800-53, ISO 27001, MITRE ATT&CK) and translating their relevance and applicability during post assessment reporting.
• Proficient in scripting languages such as .NET/C#, Python, PowerShell, Bash, and Ruby.
• Proficient in utilizing Red Teaming tools such as Mythic, Havoc, Cobalt Strike, and Sliver, and other open-source and commercial offensive security frameworks.
• Demonstrated knowledge of tactics related to malicious insider activity, organized crime/fraud groups, and threat actors, both state and non-state sponsored.
• Previous experience in the financial industry is a plus.
• Additional contributions to the community through open-source projects, conference presentations, or public disclosures are a plus.
• A commitment to learning

The typical base pay range for this role is between $130K - $155K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.