MUFG
Join Mitsubishi UFJ Financial Group
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas, and collaborate toward greater innovation, speed, and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details. Job Overview
Searching an Sr. Information Security Engineer with the ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies, ability to identify and propose process and technology controls in dynamic environments, and with in-depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring Networked Devices, and Managing Network Environments. Requirements
Must have expertise in AD security features like Group Policy, access control lists (ACLs), and security groups. Must have specialized knowledge of Active Directory monitoring including user account activity, authentication events, and security configuration changes. Must have expertise level knowledge into AD Federation Services (AD FS), Windows Server Active Directory Certificate Services (AD CS), and Azure Active Directory (Azure AD). 5 years' experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management. 5 years prior information technology (IT) experience in mid or large-scale companies. Experience with one or more of the following control areas: Active Directory Vulnerability Management Configuration Management Cloud services Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards. Technical knowledge and hands-on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption. Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly). Proficient working knowledge within the following risk domains/technologies: Database and application security Firewall technologies Network Architecture Database/Application/Network Layer Secure Protocols Change Management Vulnerability Management System Configuration Management Cloud Configuration Management Responsibilities
Co-Develop guidelines for the usage, control, maintenance, and audit-readiness of information and computer resources that are used in the distributed processing environment. Analyze and address security gaps for technologies within the Banks infrastructure. Identify distributed systems security issues as they arise and coordinate with the technology owners to ensure that issues are addressed and resolved in a timely basis. Execute technical risk assessment activities for scoped environments. Perform reporting of findings, issue resolution, and management of findings. Support FLOD/SLOD assessments, audits, and external exams. Provide effective, accurate, and timely reporting. Perform Information Security remote/table-top assessments. Identify high-risk findings and lead risk findings to resolution. Identify control deficiencies by analyzing and identify underlying root causes. Designing, implementing, and collaborating on a range of information security metrics and performance reports. Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies. Analyzing control results in an objective and quantifiable manner. Produce detailed documentation of assessments and perform threat analysis of gaps identified. Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks. Validate evidence from vendors before remediation plans are closed. Certifications
Certified Information Systems Security Professional (CISSP) Global Information Assurance Certification (GIAC) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Information Systems Security Professional (CISSP), or other security certifications desired Education
Degree in Computer Science or related professional experience Other Qualifications
As per MUFG's work policy, must work onsite 4 days and 1 day remotely out of either Tampa, FL (Preference), Tempe, AZ, or Jersey City, NJ office. The typical base pay range for this role is between $110K - $142K depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, paid vacation, sick days, and holidays.
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas, and collaborate toward greater innovation, speed, and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details. Job Overview
Searching an Sr. Information Security Engineer with the ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies, ability to identify and propose process and technology controls in dynamic environments, and with in-depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring Networked Devices, and Managing Network Environments. Requirements
Must have expertise in AD security features like Group Policy, access control lists (ACLs), and security groups. Must have specialized knowledge of Active Directory monitoring including user account activity, authentication events, and security configuration changes. Must have expertise level knowledge into AD Federation Services (AD FS), Windows Server Active Directory Certificate Services (AD CS), and Azure Active Directory (Azure AD). 5 years' experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management. 5 years prior information technology (IT) experience in mid or large-scale companies. Experience with one or more of the following control areas: Active Directory Vulnerability Management Configuration Management Cloud services Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards. Technical knowledge and hands-on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption. Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly). Proficient working knowledge within the following risk domains/technologies: Database and application security Firewall technologies Network Architecture Database/Application/Network Layer Secure Protocols Change Management Vulnerability Management System Configuration Management Cloud Configuration Management Responsibilities
Co-Develop guidelines for the usage, control, maintenance, and audit-readiness of information and computer resources that are used in the distributed processing environment. Analyze and address security gaps for technologies within the Banks infrastructure. Identify distributed systems security issues as they arise and coordinate with the technology owners to ensure that issues are addressed and resolved in a timely basis. Execute technical risk assessment activities for scoped environments. Perform reporting of findings, issue resolution, and management of findings. Support FLOD/SLOD assessments, audits, and external exams. Provide effective, accurate, and timely reporting. Perform Information Security remote/table-top assessments. Identify high-risk findings and lead risk findings to resolution. Identify control deficiencies by analyzing and identify underlying root causes. Designing, implementing, and collaborating on a range of information security metrics and performance reports. Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies. Analyzing control results in an objective and quantifiable manner. Produce detailed documentation of assessments and perform threat analysis of gaps identified. Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks. Validate evidence from vendors before remediation plans are closed. Certifications
Certified Information Systems Security Professional (CISSP) Global Information Assurance Certification (GIAC) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Information Systems Security Professional (CISSP), or other security certifications desired Education
Degree in Computer Science or related professional experience Other Qualifications
As per MUFG's work policy, must work onsite 4 days and 1 day remotely out of either Tampa, FL (Preference), Tempe, AZ, or Jersey City, NJ office. The typical base pay range for this role is between $110K - $142K depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, paid vacation, sick days, and holidays.