MUFG

Threat Detection and Response, Analyst

Posted 4 Days Ago
In-Office or Remote
Hiring Remotely in Canada
Mid level
Perform threat detection, triage, and first-level incident response; conduct digital forensics and malware analysis; consolidate logs, perform vulnerability scanning and remediation support; produce threat intelligence and incident reports; maintain IR procedures and support eDiscovery and compliance activities.
The summary above was generated by AI

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

EDUCATION
• Degree or equivalent work experience equally preferable.
• Bachelor's degree in Information Technology, Cyber Security, Computer Science or a related discipline.

CERTIFICATIONS
• Relevant technical and industry certifications preferred, such as CISSP, ISSMP, SANS, GCIA, CISM, EnCE, CEH, GCFA, GCFE, GCIH, or GSEC.

WORK EXPERIENCE
• Experience working in a global, complex, matrix-managed organization.
• Experience working directly in Cybersecurity Operations or Information Security.
• Experience in Incident Response and Forensic Investigations work.
• Experience in threat and vulnerability management.
• Experience working within the Financial Services Industry preferred.
• Experience in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics preferred.
• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.

FUNCTIONAL SKILLS
• Knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
• Knowledge of the following areas: IT security, incident handling and response, exploit analysis, intelligence gathering, digital forensics methods and procedures.
• Familiarity with forensic security tools.
• Ability to document and explain technical details in a concise, understandable manner.
• Knowledge of Information Assurance concepts and technologies.
• Knowledge of cloud computing security, network, operating system, database, application, and mobile device security.
• Knowledge of vulnerability management and remediation.
• A diverse skill base in both product security and information security, including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.

FOUNDATIONAL SKILLS
• Communicates effectively
• Identifies multiple paths to success through the development of analytical, critical thinking, and decision-making skills
• Exercises sound judgement and strives for continuous improvement
• Demonstrates optimism, resilience, flexibility, and openness to others' ideas
• Learns while doing
• Actively listens and asks thoughtful questions
• Leverages available technology to achieve efficiency and results
• Engages inclusively and with intent
• Always acts with integrity
• Analytical thinking
• Iterative problem-solving
• Serving as a trusted advisor

RESPONSIBILITIES
High Level Responsibilities:
• Examine computers, related hardware, network traffic, related applications, and operating systems to identify potential threats and anomalous or malicious activity against network resources; conduct strategic assessments on systems and networks; provide tactical analyses and suggestions; generate detailed reports for management; take effective measures to prevent and reduce cyber security incidents.
• Apply forensic methods and techniques to examine hardware/software, operating systems, and memory in order to detect electronic data trails and trace device records; collect and analyze investigative information and data to identify signs or sources of compromise, poor security practices, and unauthorized activities; conduct a range of data forensic investigations of information security incidents.
• Collect, document, assess, and analyze cyber threat information from various data sets; present reports and findings to management; recommend proactive practices to reduce computer crime.
• Execute first-level incident response for reported and detected incidents; provide technical assistance to other incident response and security operations teams.
• Perform security audits on a regular basis to ensure compliance with cyber security policies and standards; provide reports and documents detailing network security incidents and their outcomes; assist in troubleshooting problems and recommend vulnerability corrections.
• Reconstruct damaged computer systems and recover damaged or destroyed data; review forensic images; determine solutions for recovery of potentially relevant information.

Details:
• Review internal logs and alerts to detect potential cybersecurity events. Triage cases based on output from automated alerts, and determine when to escalate to Tier 2/3 resources.
• Monitor external service provider(s) activity to detect potential cybersecurity events.
• Assist with investigations by consolidating logs across multiple internal/external environments and performing correlation analysis.
• Identify and block known bad signatures or attack behaviors.
• Help manage the process to create tickets when potential incidents are identified.
• Develop common tools, templates, and workflows to standardize event and incident reporting.
• Review log coverage and determine whether appropriate logs are maintained and available to support incident detection and response efforts.
• Evaluate potential security products, technical solutions, and capacity requirements to meet business needs, and recommend changes to mitigate risk.
• Maintain knowledge of industry trends and current security practices.
• Document incident response (IR) procedures that include a definition of personnel roles for handling incidents.
• Establish alert thresholds to determine when to convene the CIRT and investigate incidents.
• Analyze security data from all systems in real time to spot and thwart potential threats, attacks, and other violations.
• Conduct periodic incident scenario sessions for personnel associated with the incident response team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the IR process.
• Analyze compromised systems and remediate them to a clean state.
• Identify when protected data such as PHI or PII was compromised.
• Perform breach indicator assessment to investigate network traffic for malicious activity.
• Perform malware analysis to determine a sample's components, its behavior, and its locations throughout the network.
• Assist with internal or third-party employee investigations.
• Provide technical support for eDiscovery investigations, breach lawsuits, and other legal cases.
• Use data indexing and search capabilities to provide accurate information when eDiscovery requests are received.
• Scrub and redact sensitive data, including employee and client data, prior to delivery to outside parties.
• Research evolving IR and forensic techniques and tools in support of incident response efforts.
• Assist in the production of threat intelligence reports (FS-ISAC, DHS, etc.) which identify relevant upcoming and ongoing threats to the enterprise.
• Identify new threats and vulnerabilities using sources such as threats identified by institution staff and known threats identified by information sharing and analysis organizations and other non-profit and commercial organizations.
• Support SMEs in performing detailed threat modeling to identify where the business and relevant IT systems are vulnerable, and model those threats according to type, severity, and target.
• Monitor and analyze industry and privately obtained vulnerability data.
• Research evolving threats, techniques, and tools in support of threat intelligence efforts.
• Stay current with information security program developments, industry frameworks, and changes in the company that may impact reporting.
• Assist in supporting the vulnerability scanning process.
• Document a prioritized list of the most critical vulnerabilities along with their risk scores.
• Perform TSS Policy compliance scanning to identify when IT assets violate security requirements and policy.
• Update the scanner regularly to enable the identification of new security vulnerabilities.
• Establish a dedicated account for authenticated vulnerability scans and grant access to a limited number of employees.
• Perform vulnerability analysis and assist in generating reports for stakeholders to remediate.
• Perform periodic asset discovery and gap analysis to report rogue devices.
• Subscribe to a vulnerability intelligence service to stay aware of emerging exposures, and use the information gained from this subscription to update the organization's vulnerability scanning activities.
• Risk-rate vulnerabilities based on their exploitability and potential impact, segmented by appropriate groups of assets.
• Establish expected patching timelines based on the risk rating level.
• Measure the delay in patching new vulnerabilities and ensure compliance with Service Level Agreements (SLAs).
• Review critical patches in the test environment prior to pushing them into production on enterprise systems.
• Assist system owners in the remediation of IT assets which violate Technology Security Standards.
• Monitor logs associated with scanning activity and associated administrator accounts to ensure that all scanning activity is limited to the timeframes of legitimate scans.
• Track and report vulnerability remediation progress.
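The vulnerability-management duties above (risk-rate by exploitability and impact, segment by asset group, derive patching timelines from the rating, measure patch delay against SLAs, and keep a prioritized list of open items) fit together as one small pipeline. The following is an added illustration, not MUFG's own tooling or standard: the CVSS tiers, the exploitability modifiers, the SLA day counts, and the sample findings (asset names, scores, dates) are all assumptions constructed for the example.

```python
"""Risk-rate scanner findings, derive patch deadlines from the rating, and measure
SLA compliance per asset group. Added example; the tiers, SLA values and sample
findings below are assumptions, not any organisation's actual standard."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed patching timelines per risk rating (days from discovery).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
RATING_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    asset: str
    asset_group: str        # segmentation used for reporting, e.g. "internet-facing"
    cvss_base: float        # scanner-reported base severity, 0.0-10.0
    exploit_public: bool    # a working public exploit or in-the-wild use is known
    found: date
    patched: Optional[date] = None


def risk_rating(f: Finding) -> str:
    """Combine impact (CVSS tier) with exploitability (public exploit, exposure)."""
    if f.cvss_base >= 9.0:
        score = 3
    elif f.cvss_base >= 7.0:
        score = 2
    elif f.cvss_base >= 4.0:
        score = 1
    else:
        score = 0
    if f.exploit_public:          # assumed modifier: known exploit raises one tier
        score += 1
    if f.asset_group == "internet-facing":   # assumed modifier: exposure raises one tier
        score += 1
    return ["low", "low", "medium", "high", "critical", "critical"][score]


def patch_deadline(f: Finding) -> date:
    """Expected patching timeline derived from the risk rating."""
    return f.found + timedelta(days=SLA_DAYS[risk_rating(f)])


def sla_status(f: Finding, today: date) -> dict:
    """Per-finding SLA view: an open finding past its deadline is already a breach."""
    deadline = patch_deadline(f)
    closed_on = f.patched or today
    overdue = max((closed_on - deadline).days, 0)
    return {
        "asset": f.asset,
        "rating": risk_rating(f),
        "deadline": deadline,
        "days_to_patch": (f.patched - f.found).days if f.patched else None,
        "overdue_days": overdue,
        "breached": overdue > 0,
    }


def prioritize(findings, today: date) -> list:
    """Open findings ordered by rating, then by nearest deadline."""
    open_items = [f for f in findings if f.patched is None]
    open_items.sort(key=lambda f: (RATING_RANK[risk_rating(f)], patch_deadline(f)))
    return [(f.asset, risk_rating(f), sla_status(f, today)["overdue_days"]) for f in open_items]


def sla_report(findings, today: date) -> dict:
    """SLA compliance segmented by asset group (counts plus compliance percentage)."""
    groups = {}
    for f in findings:
        g = groups.setdefault(f.asset_group, {"total": 0, "breached": 0, "open": 0})
        g["total"] += 1
        g["breached"] += int(sla_status(f, today)["breached"])
        g["open"] += int(f.patched is None)
    for g in groups.values():
        g["compliance_pct"] = round(100.0 * (g["total"] - g["breached"]) / g["total"], 1)
    return groups


# Constructed sample findings (not real scan output).
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("web-01", "internet-facing", 9.8, True, date(2024, 5, 1), date(2024, 5, 5)),
    Finding("db-02", "internal-server", 7.5, False, date(2024, 4, 1)),
    Finding("ws-17", "workstation", 8.1, True, date(2024, 4, 15)),
    Finding("vpn-01", "internet-facing", 5.0, False, date(2024, 5, 20)),
]

if __name__ == "__main__":
    for asset, rating, overdue in prioritize(SAMPLE, TODAY):
        print(f"{asset:8} {rating:9} overdue={overdue}d")
    for group, stats in sla_report(SAMPLE, TODAY).items():
        print(group, stats)
```

Two design points worth noting: an open finding is counted as breached as soon as today passes its deadline, so the report does not flatter the programme by ignoring items nobody has closed; and the compliance figure is computed per asset group, because a 100 percent figure for internal servers says nothing about an internet-facing fleet that is lagging.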

Mitsubishi UFJ Financial Group (MUFG) is an equal opportunity employer. We view our employees as our key assets, as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organisational fit, regardless of race, religion or gender.
