Analyst, EMEA Red Team Support

MUFG • Full-time • London Ropemaker place, United Kingdom • 1d ago

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vison to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do.We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

MUFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: MTU) stock exchanges. The group’s operating companies include, but are not limited to, Bank of Tokyo-Mitsubishi UFJ, Mitsubishi UFJ Trust and Banking (Japan's leading trust bank), Mitsubishi UFJ Securities Holdings (one of Japan's largest securities firms), and MUFG Americas Holdings.

Please visit our website for more information - mufgemea.com.

Technology is responsible for the operation, development and support of all technology across all areas of the local and international business. We ensure the IT strategy, architecture solutions, and service delivery are firmly aligned to business requirements and long-term strategy of the group.

Technology comprises the following functions:

Architecture and Development team - which is responsible for the provision of shared services including architecture, middleware, new systems development, quality assurance and release management.
Middle, Risk and Back Office Team - which is responsible for all the applications used by these areas including the main trading system, Murex.
Front Office Solutions - which provides a business-oriented focus to all technological developments that affect the trading floor.
Infrastructure team - which supports the operation of all production services, voice and data networks, other voice systems and desktop systems.
Programme Office and Purchasing - which is responsible for definition, prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.
IT Risk and Control - which is responsible for implementing and managing all technology related controls over IT and information risk and business continuity, supports the provision of disaster recovery solutions, performs risk assessments, and manages business recovery plans and the business recovery facility. Information Security is also the responsibility of this function.

Main Purpose of the Role:

As a Global Red Team Support at the Analyst, you will support the red team activities (i.e. planning, tooling, scheduling, finding management and etc)
To ensure effective management and control of information security, IT and information risk for MUSI and EMEA Bank by ensuring all appropriate Security, IT and common-sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department.
The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation.
To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented.
To develop, implement and manage compliance with appropriate IS and IT Security policies, standards and procedures.
To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.
Support scoping and perform penetration testing and vulnerability research of complex proprietary software and hardware
Continuously develop your skills from various resources, including MUFG provided training
Maintaining familiarity with industry trends and security best practices
Assist to validate the effectiveness of the remediation solution for security finding(s) that are ready to be re-tested
Assist with identifying and assessing vulnerabilities in systems and applications. This includes utilizing manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
Write clear and concise penetration testing reports detailing findings and recommendations.
Contributing to the team continuous improvement efforts

Key Responsibilities:

In this role, you will be responsible for information/ cyber security across MUFG’s banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.

Support design and execute Penetration Testing: Support and plan security testing with selected vendors.
Mitigate Findings: Work with infrastructure and application teams to address and fix security issues promptly.
Collaborate for Detection: Work with Blue Team, Detection Engineering, and Threat Intelligence to improve response workflows where necessary.
Report Findings: Provide clear and actionable reports on security issues to technical and executive stakeholders.
Support Red Team Tools: Develop and maintain tools and infrastructure for red team operations.
Stay Updated: Keep abreast of emerging threats and security methodologies to enhance team strategies.
Purple Team Testing: Collaborate with both Blue Team and vendors for annual combined security tests.
Governance and Reporting: Manage remediation progress for assessment findings and create regular reports for executives.
Improve Defensive Strategies: Work with other technology teams to develop and enhance security measures against potential attacks.
Create Reports: Translate technical assessments into executive summaries.
Support Incidents: Assist with information security incidents as needed.
Testing Solutions: Manage grey and black box testing procedures for threats and vulnerabilities.
Out-of-Hours Support: Be available for support outside regular business hours if necessary.

Skills and Experience:

Experience

2 years plus of experience in information security with at least 1 year focused on Penetration testing
Demonstrated experience of involving in penetration testing engagements and finding management

Technical Skills

Some experience in scripting or programming languages (e.g., Python, PowerShell, Bash, C/C++)
Strong understanding of Windows and Linux internals, Active Directory, and enterprise network architecture
Experience with vulnerability research, exploit development, and threat emulation
Familiarity with security frameworks such as MITRE ATT&CK, NIST-CSF, and OWASP

Professional Skills

Strong analytical and problem-solving skills with a threat actor mindset
Excellent communication skills, including the ability to translate technical findings into business impact
Proven ability to work independently and collaboratively in a fast-paced, global environment

Personal Requirements:

Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and priorities work accordingly
Strong decision-making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem-solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.