Sr. Information Security Engineer, Assistant Vice President
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
Information security is an integral part of the MUB corporate culture. It is essential to maintain our position as an industry leader in retail banking and it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Information security has a significant effect on privacy, consumer confidence, external reputation, and the bottom line, and it is a priority on everyone's agenda.
The successful candidate for this Sr. Information Security Engineer position will be an experienced professional who will be responsible for analyzing, designing, implementing, deploying and maintaining the bank's SSL Visibility, Web Application Firewalls and other key security controls.
Support the SSLV and WAF program by reviewing, analyzing, developing and deploying security policies. Review threats and ensure that blocking efficacy is high. Assist with project efforts to design security controls and processes that solve business problems both on-prem and in the cloud. Provide input into new security strategies and trends as well as measure and report on the processes that affect the integrity, functionality, and reliability of the bank's security control framework. Prior experience with Network Access Controls, MFA or Remote Access Controls is also desired.
The Sr. Information Security Engineer is a key position supporting various project efforts to deploy security controls across the enterprise while maintaining existing controls as well. Develop control policies and alerting as well as reports to safeguard the bank's information assets.
- Analyzing and developing policies and solutions to support SSLV and WAF security on an enterprise scale both on-prem and in the cloud
- If qualified, provide secondary support for NAC, MFA or Remote Access as needed
- Leading enterprise scale projects from design through completion
- Interfacing with senior management both verbally and written
- Design, implement and collaborate on a range of information security metrics and performance reports
- Design, review and improve process flows
- Identify control deficiencies by analyzing and identifying underlying root causes
- Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies
- Effective use of Splunk security app/dashboard
- Research and prototype emerging technologies and techniques
- Must have a minimum of 5 years' experience in information security, 10 years' experience in the other fields and or be able to thoroughly demonstrate the necessary skill set.
- Experience managing SSLV and WAF controls and policies
- Financial services experience in a Top 10 Banking environment is preferred
- Work experience in the areas of information security, IS auditing, data processing operations, systems development and/or computer programming
- Demonstrated ability to effectively apply information security theories and concepts to specific circumstances.
- Ability to gain the cooperation from users to create a level of security awareness throughout the Bank for accountability and responsibility.
- Current knowledge of operating system changes and evaluate the impact to existing security systems.
- Ability to understand and determine security risks and appropriate controls, analyze various methods of controlling information security problems, to identify weak links in information security products, and determine how to mitigate the control deficiencies.
- The capability to program or script in one or more languages of the following languages (Python, Java, or Visual Basic).
- Be able to create native productivity aids and command scripts. Have a thorough understanding of personal computers and software productivity packages like MS Office, Access, Excel, and terminal emulation software.
- Must be familiar with Regular Expressions and Splunk
- Must have the skills required to evaluate business process and application software, which effect the integrity, functionality, and reliability of the bank's network and systems.
- Leads pro-active reviews and self-assessments of the policies, procedures and systems, including but not limited distributed computer systems, Internet, Intranet, and Extranet networks.
- Understanding of conceptual processes and system characteristics in the security space
- Common OS operation
- Application transaction
- Access control conformance
- Experience with:
- Lean Six sigma
- IT risk management
- Certifications desired:
- Excellent communication (written and verbal) and interpersonal skills
- Results driven, with a strong sense of accountability
- A pro-active, motivated approach to work while utilising creativity and innovation
- The ability to operate with urgency and prioritize work accordingly
- Strong problem solving skills
- The ability to manage large workloads and tight deadlines
- Excellent attention to detail and accuracy
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Back to top