Penetration Tester, Assistant Vice President - Remote

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 6th largest financial group in the world. Across the globe, we're 160,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

• Performing formal hands-on penetration tests and vulnerability assessment of complex applications, networks, and mobile applications.
• Documenting security findings with management and producing actionable, threat-based, reports on security testing results.
• Implement a secure Systems and Software Development Lifecycle with security Controls and testing DAST and vulnerability scans with an emphasis on automating tools and process integration.
• Develop a tactical execution plan aligned with a core security strategy.
• Encourage innovation, the implementation of cutting-edge technologies, inclusion, outside-of-the-box thinking, teamwork, self-organization, and diversity.

• Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent experience
• Five (5) or more years of experience in cyber security including 2years of Penetration Testing or Red Teaming
• Experience in the banking or finance industries preferred
• Certified Ethical Hacker, , or CompTIA PenTest+ Certification
• Knowledge of information security standards, rules and regulations related to information security and data confidentiality, and desktop, server, application, database, network security principles for risk identification and analysis
• Experience with performing black, white and grey box penetration testing and system exploitation against applications, APIs, Web, Mobile, and Modern Infrastructure (Containers, Microservices, Serverless etc.).
• Conducting research into real-world threat actor tactics, techniques, and procedures.
• Development experience using Python, PowerShell or Java
• Experience with conducting penetration and malicious user testing in Cloud environments, including Amazon Web Services (AWS), Azure, and on-premises systems
• Solid knowledge and understanding of development life cycle (SSDLC), CI/CD pipelines and Agile methodologies
• Understanding of common software security issues and remediation techniques (OWASP Top 10, SANS 25, Mitre ATT&CK, etc.)
• Experience with analyzing vulnerabilities and delivering clear and coherent written reporting, identifying network risks and providing mitigation recommendations
• Excellent knowledge of Windows/AD/Linux systems administration and vulnerabilities
• An organized and detail-oriented cyber security professional able to perform independently as well as part of a team
• Ability to craft/deliver communication of technical information from highly technical reports to C-suite briefs and everything in-between