Penetration Testing Team Lead - AVP

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Main Purpose of the Role: To ensure effective management and control of information security, IT and information risk for MUSI by ensuring all appropriate Security, IT and common-sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department. The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation. To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented. To develop, implement and manage compliance with appropriate IS and IT Security policies, standards and procedures. To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.

Key Responsibilities:

• In this role, you will be responsible for information/cyber security across MUFG’s banking arm and securities business under a dual-hat arrangement.
• Develop and maintain governance structure of red team operations and train, and mentor other members of the Red Team.
• Develop and execute penetration testing plans, including network, web application, and social engineering assessments.
• Collaborate with SOC team and selected vendor to plan and execute annual purple team testing.
• Identify security risks and vulnerabilities through simulated attacks, and help the organization understand the potential impact.
• Manage Red Team tools and the Security Testing & Validation Platform.
• Lead and manage a team of security professionals and vendor resources to conduct regular risk assessments to identify and exploit vulnerabilities, mis-configurations within EMEA internal & external infrastructure.
• Implement and maintain governance of any assessments finding remediation progress and create regular reporting for tech and executives.
• Collaborate with other technology teams (i.e. infra, app etc.) to develop and improve defensive strategies and security measures to prevent real-world attacks.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies to ensure the team’s methods and tools are current and effective.
• Strong understanding of blue team detection use cases.
• Create executive report from technical assessment report.
• Maintain an up to date, working knowledge of current laws, regulations and best practices relating to information security.
• Support Information Security incidents where requested.
• Support Operational Security duties where requested.
• Manage grey and black box testing solution including identified threats and vulnerabilities.
• Availability for out-of-hours support when necessary.

Skills and Experience:

• Minimum of 3 years’ experience as a pen tester.
• Skilled in developing implants and able to obtain and maintain persistence within corporate systems, while avoiding detection from common security tools.
• Demonstrated knowledge of tactics related to malicious insider activity, organized crime/fraud groups, and threat actors, both state and non-state sponsored.
• Solid understanding of offensive and pentest technologies.
• Ability to provide remediations recommendation based on test and automated security testing result.
• Deep understanding of how an advance persistent threat and their tactics, procedure and techniques.
• Solid understanding of Enterprise Backend to Frontend system architecture.
• Familiarity with defender techniques, security monitoring and SIEM tools.
• Strong ability to analyse and distil complex issues and present succinct updates to management and associated committees.
• The ability to create clear documentation relating to Operational Processes and Procedures.

Please note MUFG operate a hybrid work policy with 3 days per week in the office. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count.