Apply on Employer Site

MUFG · 2 days ago

Penetration Testing, Associate Vice President

Jersey City, NJ

Full-time

Hybrid

Mid, Senior Level

$112K/yr - $146K/yr

3+ years exp

Mitsubishi UFJ Financial Group (MUFG) is one of the world’s leading financial groups, dedicated to making a difference for every client and community served. The selected candidate will conduct penetration testing and vulnerability research, create custom tools for automation, and prepare reports on identified vulnerabilities while collaborating with various teams to ensure effective remediation.

Responsibilities

Conduct black/grey/white-box penetration testing of applications and infrastructure assets to identify exploitable vulnerabilities across MUFG assets

Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware for client services

Create custom tools and/or modify existing tools to aid with automation of vulnerability detection

Prepare reporting on issues found including severity calculation, steps to reproduce, and mitigation/remediation recommendations

Work closely with infrastructure and application development teams to ensure identified findings are understood and effectively mitigated or remediated in a timely manner

Continuously research new exploitation/attack techniques for current technology stacks

Ensure awareness of industry trends and security best practices

Collaborate on the development of an internal training program for all levels of penetration testers to grow and develop the technical skills needed to be proficient

Provide technical training and guidance to junior and peer team members

Qualification

Penetration testingVulnerability researchSecurity frameworksCloud securityScripting languagesAutomated security toolsAssessment reportingAnalytical thinkingContinuous improvementAttention to detailEffective communicationCollaborationIntegrityLifelong learningFlexibility

Required

3+ years of experience in application and infrastructure penetration testing, utilizing industry-standard penetration-testing methodologies and security concepts such as OWASP, and the MITRE ATT&CK framework

3+ years of experience employing testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire, AutoSploit, Ghidra, IDAPro, OllyDbg, Fiddler

3+ years of experience penetration testing in one or more of the following technology areas: network infrastructure (Routers, switches...); security products and services (FW, IDS, IPS, AV...); active directory, servers, services, desktops and mobile devices; operating systems (Windows, Unix/Linux/AIX); databases (MySQL, SQL, DB2...); cloud and container technologies like AWS, Azure, Oracle and Kubernetes

Operational experience in one or more of these areas: post exploitation, exploitation development, or binary reverse engineering

Experience with cloud security configurations and understanding of cloud service models (IaaS, PaaS, SaaS)

Solid understanding of automated security tools and manual testing techniques

Experience using scripting languages such as Python, PowerShell, Bash, and/or Ruby for automation of testing processes

Experience creating thorough assessment reporting and documentation

Keen attention to detail

Communicates effectively

Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills

Exercises sound judgement, prioritizes effectively, and strives for continuous improvement

Effectively collaborates with colleagues

Seeks out and leverages available technology to drive efficiency and results

Understands and applies industry trends and best practices