Global Forensic Engineer, AVP
Mitsubishi UFJ Financial Group

Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
EDUCATION
• Degree or equivalent work experience equally preferable.
• Bachelor’s degree in Information Technology, Cyber Security, Computer Science or a related discipline

CERTIFICATIONS
• Preferred certifications: CISSP, ISSMP, SANS, GSEC, GCFA, GNFA, GIAC and/or GCIH

WORK EXPERIENCE
• Experience in Information Security or other Information Technology fields
• Extensive experience working in a global, complex, matrix-managed organization
• Experience in threat and vulnerability management
• Experience working directly in Cybersecurity Operations or Information Security
• Experience working within the Financial Services industry preferred
• Experience creating trending, metrics, and management reports
• Experience across the following technical concentrations:
 - Network-based security controls (firewall, IPS, WAF, MDS, proxy, VPN)
 - Anomaly detection and investigation
 - Host and network forensics
 - Operating systems
 - Web applications and traffic
• Experience with EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open-source forensic tools
• Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
• Security experience in all phases of the product and service development lifecycle, including architecture, design, development, testing, release, and operational maintenance
• Experience with cloud computing security and with network, operating system, database, application, and mobile device security
• Extensive knowledge of vulnerability management and remediation
• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments
• Experience in two or more security domains, including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics

FUNCTIONAL SKILLS
• Knowledge of models/frameworks such as the Kill Chain and MITRE ATT&CK
• Well-developed analytic, qualitative, and quantitative reasoning skills
• Demonstrated creative problem-solving abilities
• Security event monitoring, investigation, and the overall incident response process
• Planning and project management
• Development of information security policies, standards, and procedures
• Strong time management skills to balance multiple activities and lead junior analysts as needed
• Understanding of offensive security, including common attack methods
• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event
• A diverse skill base in both product security and information security, including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures
• Detailed knowledge and experience in security and regulatory frameworks (ISO 27001, NIST 800 series, FFIEC, SOC 2, FedRAMP, STAR, etc.)
• In-depth knowledge in one or more security domains, including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics

FOUNDATIONAL SKILLS
• Communicates effectively
• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills
• Exercises sound judgement, prioritizes effectively, and strives for continuous improvement
• Effectively collaborates with colleagues
• Leverages available technology to drive efficiency and results
• Understands and applies industry trends and best practices
• Exhibits optimism, resilience, flexibility, and openness to others' ideas
• Values learning as a lifelong professional objective
• Engages inclusively and with intent
• Always acts with integrity
• Iterative problem-solving
• Serving as a trusted advisor

RESPONSIBILITIES

High Level Responsibilities:
• Examine computers, related hardware, network traffic, related applications, and operating systems to identify potential threats and anomalous or malicious activity against network resources; conduct strategic assessments of systems and networks; provide tactical analyses and suggestions; generate detailed reports for management; take effective measures to prevent and reduce cyber security incidents.
• Apply forensic methods and techniques to examine hardware, software, operating systems, and memory in order to detect electronic data trails and trace device records; collect and analyze investigative information and data to identify signs or sources of compromise, poor security practices, and unauthorized activity; conduct a range of digital forensic investigations of information security incidents.
• Collect, document, assess, and analyze cyber threat information from various data sets; present reports and findings to management; recommend proactive practices to reduce computer crime.
• Execute first-level incident response for reported and detected incidents; provide technical assistance to other incident response and security operations teams.
• Perform security audits on a regular basis to ensure compliance with cyber security policies and standards; provide reports and documents detailing network security incidents and their outcomes; assist in troubleshooting problems and recommend vulnerability corrections.
• Reconstruct damaged computer systems and recover damaged or destroyed data; review forensic images; determine solutions for recovery of potentially relevant information.

Details
• Perform security investigations, provide forensic services to support the team, and assist in the maintenance of forensic and investigative plans and procedures.
• Collaborate with eDiscovery and Forensic stakeholders, requesters, internal IT resources, and others to ascertain the appropriate solution.
• Utilize our technology platforms and security controls to conduct large-scale investigations and to collect and examine endpoint and network-based evidence and artifacts.
• Coordinate and drive efforts among multiple business units during response activities and post-mortems.
• Produce and communicate executive-level and detailed reports of work efforts.
• Identify and understand problems or issues through analysis of multiple data sources to draw effective conclusions and choose the most effective course of action, considering the broad business impacts.
• Thoroughly investigate instances of malicious code to determine the attack vector and payload.
• Develop and enhance cyber incident response processes and procedures, leveraging relationships with front-line operations teams and available tools and systems.
• Build scripts, tools, or methodologies to enhance incident investigation processes.
• Mentor, train, and provide feedback to other analysts to advance their skills and enable new ways of monitoring and detecting threats.
• Identify Indicators of Compromise (IOCs) and recommend use cases for sensors and/or SIEMs.
• Work with our threat intelligence team to leverage actionable threat information.
• Assist in the identification of security gaps based on incident analysis.
• Produce threat intelligence reports (FS-ISAC, DHS, etc.) that identify relevant upcoming and ongoing threats to the enterprise.
• Use the reports to make decisions and changes to the risk and threat posture and control environment.
• Identify new threats and vulnerabilities using sources such as threats identified by institution staff and known threats identified by information sharing and analysis organizations and other non-profit and commercial organizations.
• Perform detailed threat modeling to identify where the business and relevant IT systems are vulnerable, and model those threats according to type, severity, and target.
• Monitor and analyze industry and privately obtained vulnerability data.
• Build a process to support SLAs for different types of risk.
• Research evolving threats, techniques, and tools in support of threat intelligence efforts.
• Manage the vulnerability scanning process and document a prioritized list of the most critical vulnerabilities along with their risk scores.
• Subscribe to a vulnerability intelligence service to stay aware of emerging exposures, and use the information gained from this subscription to update the organization's vulnerability scanning activities.
• Perform TSS Policy compliance scanning to identify when IT assets violate security requirements and policy.
• Update the scanner regularly to enable the identification of new security vulnerabilities.
• Establish a dedicated account for authenticated vulnerability scans and grant access to a limited number of employees.
• Perform vulnerability analysis, generate reports for stakeholders to remediate, and brief senior management on critical vulnerabilities.
• Perform periodic asset discovery and gap analysis to report rogue devices.
• Research evolving threats, techniques, and tools in support of vulnerability management efforts.
• Stay current with information security program developments, industry frameworks, and changes in the company that may impact reporting.
• Risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, segmented by appropriate groups of assets.
• Establish expected patching timelines based on the risk rating level.
• Measure the delay in patching new vulnerabilities and ensure compliance with Service Level Agreements (SLAs).
• Review critical patches in the test environment prior to pushing them into production on enterprise systems.
• Assist system owners in the remediation of IT assets that violate Technology Security Standards.
• Monitor logs associated with scanning activity and the associated administrator accounts to ensure that all scanning activity is limited to the timeframes of legitimate scans.
• Track and report vulnerability remediation progress.
• Research evolving vulnerabilities, techniques, and tools in support of patch management efforts.
• Investigate advanced alerts used to detect security violations.
• Review Tier I analysis to determine whether an incident is in progress or has already occurred; provide additional analysis before escalating to Tier III if required.
• Correlate event logs with information from detection events and earlier vulnerability scanning results to determine whether a given exploit was used against a target known to be vulnerable.
• Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs).
• Serve as a first responder for forensic analysis and investigation.
• Communicate directly with data asset owners and business response plan owners during high-severity incidents.
• Determine event and incident thresholds and when to invoke the Computer Incident Response Team (CIRT).
• Tune technologies such as IDS, proxy servers, and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems.
• Coordinate with Managed Security Service Providers (MSSPs) to document roles and responsibilities and determine SLAs for responding to incidents.
• Coordinate with information sharing associations to share threat and event intelligence and build it into monitoring tools and Intrusion Detection/Prevention Systems.
• Mentor Tier I analysts.
• Maintain knowledge of industry trends and current security best practices.

Mitsubishi UFJ Financial Group (MUFG) is an equal opportunity employer. We view our employees as our key assets, as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organizational fit, regardless of race, religion or gender.