Vice President, Security Content Detection Logic Engineer

Technology is responsible for the operation, development and support of all technology across all areas of the local and international business. We ensure the IT strategy, architecture solutions, and service delivery are firmly aligned to business requirements and long‑term strategy of the group.

Technology Functions

• Architecture and Development team – provision of shared services including architecture, middleware, new systems development, quality assurance and release management.
• Middle, Risk and Back Office Team – applications used by these areas including the main trading system, Murex.
• Front Office Solutions – business‑oriented focus to all technological developments that affect the trading floor.
• Infrastructure team – supports the operation of all production services, voice and data networks, other voice systems and desktop systems.
• Programme Office and Purchasing – definition, prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.
• IT Risk and Control – implements and manages all technology related controls over IT and information risk and business continuity, supports the provision of disaster recovery solutions, performs risk assessments, and manages business recovery plans. Information Security is also the responsibility of this function.

Main Purpose of the Role

To ensure effective management and control of information security, IT and information risk for MUSI by ensuring all appropriate Security, IT and common sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department. The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation. To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented. To develop, implement and manage compliance with appropriate IS and IT Security policies, standards and procedures. To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.

Key Responsibilities

• Operate under the SOC function reporting to the SOC Manager, serve as the strategic lead and subject matter expert for SOC Detection Logic Management.
• Collaborate actively with the Global Security Content and Response Automation Team (SCRAT) to enhance detection logic and response automation.
• Drive integration strategies across security platforms to enable automation, orchestration, and advanced analytics for SOC workflows and reporting.
• Oversee the architecture, administration, and lifecycle management of SOC‑managed platforms, including Splunk SIEM, SOAR, UBA, and other critical security technologies.
• Lead collaboration with Splunk Admins and engineering teams to ensure platform health, ingestion reliability, and data fidelity, proactively resolving gaps and performance issues.
• Define and enforce data retention and access control policies aligned with regulatory, legal, and operational requirements.
• Keep oversight on SOC Data & Platform Management, driving platform resilience, data integrity, and operational excellence across the security operations function.
• Oversee the creation and maintenance of platform documentation.
• Mentor junior platform management staff on maintaining other SOC platform including Network Anomaly Detection (e.g., Darktrace), Threat & Attack Surface Management, and Forensic Investigation platforms.
• Oversee & govern the upgrade, patching, and enhancement roadmap for key Splunk Platform and other detection engines.
• Ensure robust role‑based access controls (RBAC) and secure authentication mechanisms across all SOC platforms.
• Lead the development and delivery of SOC metrics, KRI/KPI dashboards, and executive‑level reporting to support governance and strategic decision‑making.
• Act as a key stakeholder in audit, compliance, and regulatory engagements, ensuring timely, accurate, and defensible responses.
• Provide executive oversight and escalation support for critical platform issues, including out‑of‑hours availability when required.
• Champion innovation and continuous improvement, identifying opportunities to enhance SOC capabilities through emerging technologies, automation, and data‑driven insights.

Skills and Experience

• Minimum of 5 years’ dedicated experience in Security Content & Detection Logic management and security engineering roles.
• Advanced proficiency in analysing security events across both Linux and Windows environments, including log source normalization and enrichment.
• Deep understanding of attacker tactics, techniques, and procedures (TTPs) across varied infrastructures, aligned with frameworks like MITRE ATT&CK.
• Strong command of SIEM query languages (e.g., Splunk SPL, KQL, CrowdStrike Query Language), with the ability to write complex queries for threat detection, hunting, and anomaly identification.
• Demonstrated expertise in building and maintaining detection content, including correlation searches and risk‑based alerting.
• Hands‑on experience with the Splunk ecosystem, including Enterprise Security (ES), User Behaviour Analytics (UBA), SOAR, and apps like TrackMe.
• Proficiency in scripting languages such as Python and PowerShell, with experience automating detection logic and integrating with orchestration workflows.
• Strong foundational knowledge of cybersecurity principles, threat landscapes, and incident response methodologies.
• Excellent communication and collaboration skills, with the ability to work effectively across SOC, IR, and global engineering teams.
• Strong analytical and problem‑solving abilities.

Personal Requirements

• Excellent written and verbal communication skills, with the ability to engage effectively across technical and business teams.
• Highly results‑driven, with a strong sense of ownership and accountability.
• Proactive and self‑motivated, with a commitment to continuous improvement and learning.
• Ability to prioritise tasks and operate with urgency in high‑pressure environments.
• Strong decision‑making skills and sound judgement in complex and time‑sensitive scenarios.
• Structured and logical approach to problem‑solving and incident analysis.
• Creative and innovative mindset, capable of adapting to evolving threats and technologies.
• Excellent interpersonal skills, fostering collaboration across teams and departments.
• Capable of managing large workloads and tight deadlines without compromising quality.
• Exceptional attention to detail and accuracy, especially in high‑stakes investigations.
• Calm and composed under pressure, with the ability to perform effectively during critical incidents.
• Relevant certifications such as Splunk Architect, or equivalent are highly desirable.

Equal Opportunity Employer

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership. We make our recruitment decisions in a non‑discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.