Threat Detection and Response, Analyst

MUFG
1 day ago
Full-time
On-site
Bengaluru, Karnataka, India
eDiscovery Analyst

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

EDUCATION
• Degree or equivalent work experience equally preferable.
• Bachelor’s degree in Information Technology, Cyber Security, Computer Science or related discipline

CERTIFICATIONS
• Relevant technical and industry certifications preferred, such as CISSP, ISSMP, SANS, GCIA, CISM, EnCE, CEH, GCFA, GCFE, GCIH, or GSEC

WORK EXPERIENCE
• Experience working in a global, complex, matrix-managed organization
• Experience working directly in Cybersecurity Operations or Information Security
• Experience in Incident Response and Forensic Investigations work
• Experience in threat and vulnerability management
• Experience working within the Financial Services Industry preferred
• Experience in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics preferred
• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.

FUNCTIONAL SKILLS
• Knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics
• Knowledge of the following areas: IT security, incident handling and response, exploit analysis, intelligence gathering, digital forensics methods and procedures.
• Familiar with forensic security tools.
• Ability to document and explain technical details in a concise, understandable manner.
• Knowledge of Information Assurance concepts and technologies.
• Knowledge of cloud computing security, network, operating system, database, application, and mobile device security.
• Knowledge of vulnerability management and remediation.
• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.

FOUNDATIONAL SKILLS
• Communicates effectively
• Identifies multiple paths to success through the development of analytical, critical thinking, and decision-making skills
• Exercises sound judgement and strives for continuous improvement
• Demonstrates optimism, resilience, flexibility, and openness to others' ideas
• Learns while doing
• Actively listens and asks thoughtful questions
• Leverages available technology to achieve efficiency and results
• Engages inclusively and with intent
• Always acts with integrity
• Analytical thinking
• Iterative problem-solving
• Serving as a trusted advisor

RESPONSIBILITIES

High Level Responsibilities:
• Examine computers, related hardware, network traffic, related applications, and operating systems to identify potential threats and anomalous or malicious activities against network resources; conduct strategic assessments on systems and networks; provide tactical analyses and suggestions; generate detailed reports for management; take effective measures to prevent and reduce cyber security incidents.
• Apply forensic methods and techniques to test hardware/software equipment, operating systems, and memory for electronic data trail detection and device record tracing; collect and analyze investigative information and data to identify signs or sources of compromise, poor security practices, and unauthorized activities; conduct a range of data forensic investigations of information security incidents
• Collect, document, assess, and analyze cyber threat information from various data sets; present reports and findings to management; recommend proactive practices to reduce computer crime.
• Execute first-level incident responses for reported and detected incidents; provide technical assistance to other incident response and security operation teams.
• Perform security audits on a regular basis to ensure compliance with cyber security policies and standards; provide reports and documents detailing network security incidents and their outcome; assist in troubleshooting problems and recommend vulnerability corrections.
• Reconstruct damaged computer systems and recover damaged or destroyed data; review forensic images; determine solutions for recovery of potentially relevant information.

Details:
• Review internal logs and alerts to detect potential cybersecurity events. Triage cases based on output from automated alerts, and determine when to escalate to Tier 2/3 resources
• Monitor external service provider(s) activity to detect potential cybersecurity events
• Assist with investigations by consolidating logs across multiple internal/external environments and performing correlation analysis
• Identify and block known bad signatures or attack behavior
• Help manage the process to create tickets when potential incidents are identified
• Develop common tools, templates, and workflows to standardize event and incident reporting
• Review log coverage and determine whether appropriate logs are maintained and available to support incident detection and response efforts
• Evaluate potential security products, technical solutions, and capacity requirements to meet business needs and recommend changes to mitigate risk
• Maintain knowledge of industry trends and current security practices
• Document incident response (IR) procedures that include a definition of personnel roles for handling incidents
• Establish alert thresholds to determine when to convene the CIRT and investigate incidents
• Analyze security data from all systems in real time to spot and thwart potential threats, attacks, and other violations
• Conduct periodic incident scenario sessions for personnel associated with the incident response team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the IR process
• Analyze compromised systems and remediate to a clean state
• Identify when protected data such as PHI or PII was compromised
• Perform breach indicator assessment to investigate network traffic for malicious activity
• Perform malware analysis to determine its components, its behavior, and its locations throughout the network
• Assist with internal or third-party employee investigations
• Provide technical support for eDiscovery investigations, breach lawsuits, and other legal cases
• Use data indexing and search capabilities to provide accurate information when eDiscovery requests are received
• Scrub and redact sensitive data, including employee and client data, prior to delivery to outside parties
• Research evolving IR and forensic techniques and tools in support of incident response efforts
• Assist in the production of threat intelligence reports (FS-ISAC, DHS, etc.) which identify relevant upcoming and ongoing threats to the enterprise
• Identify new threats and vulnerabilities using sources such as threats identified by institution staff and known threats identified by information sharing and analysis organizations and other non-profit and commercial organizations
• Support SMEs in performing detailed threat modeling to identify where the business and relevant IT systems are vulnerable, and model those threats according to type, severity, and target
• Monitor and analyze industry and privately obtained vulnerability data
• Research evolving threats, techniques, and tools in support of threat intelligence efforts
• Stay current with information security program developments, industry frameworks, and changes in the company that may impact reporting
• Assist in supporting the vulnerability scanning process
• Document a prioritized list of the most critical vulnerabilities along with their risk scores
• Support in performing TSS Policy compliance scanning to identify when IT assets violate security requirements and policy
• Update the scanner regularly to enable the identification of new security vulnerabilities
• Establish a dedicated account for authenticated vulnerability scans and grant access to a limited number of employees
• Perform vulnerability analysis and assist in generating reports for stakeholders to remediate
• Perform periodic asset discovery and gap analysis to report rogue devices
• Subscribe to a vulnerability intelligence service to stay aware of emerging exposures, and use the information gained from this subscription to update the organization's vulnerability scanning activities
• Risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, segmented by appropriate groups of assets
• Perform TSS Policy compliance scanning to identify when IT assets violate security requirements and policy
• Establish expected patching timelines based on the risk rating level
• Measure the delay in patching new vulnerabilities and ensure compliance with Service Level Agreements (SLAs)
• Review critical patches in the test environment prior to pushing them into production on enterprise systems
• Assist system owners in the remediation of IT assets which violate Technology Security Standards
• Monitor logs associated with scanning activity and associated administrator accounts to ensure that all scanning activity is limited to the timeframes of legitimate scans
• Track and report vulnerability remediation progress

Mitsubishi UFJ Financial Group (MUFG) is an equal opportunity employer. We view our employees as our key assets, as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organisational fit, regardless of race, religion or gender.