Insider Threat Security Engineer - Associate Vice President
Tampa - 4050 West Boy Scout Blvd.
Full Time Mid-level / Intermediate USD 121K - 142K
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
Responsibilities:
As a Cybersecurity specialist, you will be responsible for assessing and enhancing the MUFG working environment by establishing a system of governance, evaluating existing and future risk, and validating compliance to Information Security standards and policies
Develop and perform processes for the Insider Threat program, including triaging anomalous events, evaluating reports, responding to and analyzing threats, and leveraging response playbooks with key stakeholders
Crosswalks security governance leveraging multiple security compliance frameworks and regulations to ensure holistic governance strategy
Provides Incident Response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
Build, implement, and maintain processes, workflows, and technologies to detect and respond to high-risk insider activities
Evaluate existing behavioral constructs of detecting potential insider threats for applicability and effectiveness
Develop security and security-related governance (e.g., policies, standards, and processes) as required
Periodically reviews and updates MUFG Information security governance documents and training materials to ensure they remain current and relevant
Conducts comprehensive risk assessments, security-related control assessments, and compliance audits to identify technology and security program risks
Work closely with key stakeholders and security awareness teams to help identify top risks and identify new threat tactics, techniques and procedures used by cyber threat actors related to employees that may lead to compromise and exfiltration of sensitive information
Write clear, concise, and timely intelligence products that identify, analyze, and collate disparate pieces of information to develop a baseline of normal user and network device behavior
Experience
5-6 years of overall technical experience in either reverse engineering/malware analysis, insider threat, threat intelligence, incident response, security operations, or related information security field
5-6 years experience in information security operation, working knowledge of regulatory or legal requirements, and security standards that may impact information security
Previous experience with Insider Risk and/or Risk Management data analysis
2+ years of experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, relational database management system (RDBMS)/NoSQL database administration, etc.
Understanding core concepts, including asset inventory, privileged accounts, identity and system access, separation of duties, and least privilege whenever possible
Experience in the banking or finance industries preferred
Must effectively deal with rapid technological and business changes while maintaining enthusiasm, displaying sound judgement, and being a complex problem solver
Direct experience analyzing malware; must have a solid understanding of dynamic/static analysis of malware
Experience in encryption/obfuscation and how to reverse it is desired, but not required
Experience in building data analytic processes and procedures
Skills & Competencies
Experience designing, implementing, and executing IT Risk Management projects, Information Security, governance, tools, and technologies across complex, large-scale environments
Experience writing IT risk assessments and controls, and developing Information Security policies, procedures including Exception Management Processes
Assist the Insider Threat team to develop data classification policies, standards, and guidelines
Ability to build and maintain strong relationships across departments/teams and effectively communicate solution designs to stakeholders and leadership
Strong knowledge of cyber risk and cybersecurity principles, including familiarity with relevant laws, regulations, and standards such as FISMA, CIS and NIST
Experience consulting with business and technology partners on general security requirements, network controls and best practices
Experience with Governance, Risk & Compliance (GRC) tools
Experience with MS Office 365 (Word, Excel, PowerPoint, Outlook), Teams, SharePoint, Visio, QuickBase, Confluence and IBM Watson
Strong technical writing, research, analysis, and analytical/problem solving skills
Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel
A balance of technical understanding of threat detection technology and service delivery skills
Security and IT metrics experience a plus; report creation abilities strongly desired
Excellent communication skills and ability to adapt to technical and non-technical audiences
Education & Certifications
Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience
Nice to have: Carnegie Mellon University Certified Insider Threat Program Manager (ITPM), CISSP, CISA, CISM, CRISC or related SANS certification
The typical base pay range for this role is between $121K - $142K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
Tags: Audits Banking CISA CISM CISSP Compliance Confluence CRISC Encryption Finance FISMA Forensics Governance Incident response Linux Malware NIST NoSQL RDBMS Reverse engineering Risk assessment Risk management SANS Scripting SharePoint Strategy Threat detection Threat intelligence Windows
Perks/benefits: Competitive pay Health care Medical leave Parental leave Salary bonus Team events Wellness