Senior Penetration Tester, Assistant Vice President

MUFG - Tempe, AZ2.8

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.

We are looking for someone passionate and enthusiastic about penetration testing to join our team. We are a highly focused team, delivering exceptional results utilizing cutting edge tools and techniques.

Major Responsibilities:
The Senior Penetration Tester is a key position in safeguarding the bank’s assets and reputation. Specifically, the position is responsible for:
Perform penetration testing on an ongoing and project basis
Ensure scope of security testing is accurate and complete
Document and communicate findings to stakeholders
Provide consultative service for business and development teams
Provide mentoring within penetration testing team
Contribute to application security strategy and tooling
Maintain knowledge and skillset relevant to trends in the industry
Contributing to the teams continuous improvement efforts

Required Qualifications
Expert level experience with web penetration testing
Ability to automate tasks and enhance common tools
Ability to risk rate and documenting technical issues.
Core IT engineering familiarity; system and network security, authentication and security protocols, and applied cryptography
Scripting or programming skills (Python, Powershell, Java, JS, etc.)
Strong network and web protocol knowledge
Advanced experience with application layer assessment tools, such as local proxies and fuzzers
Strong understanding of Unix, Windows and network security
Ability to work both independently and in a highly collaborative team environment
Able to clearly communicate security risks to both technicaldevelopers and business audiences
Beneficial Qualifications
Professional software development experience (1+ year)
Advanced level experience with mobile penetration testing
Financial industry experience or practical knowledge of financial and industry regulations and frameworks
OSCP, OSCE, GWAPT, GCIH, GPEN, CISSP certification is helpful, but not required
Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access
Experience with Red Team or full scope exercises
Strong understanding of Secure Development Lifecycle and integrated security testing
Experience with source code review, wireless security, reverse engineering, static and dynamic security testing tools, or threat modeling
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.