MUFG Union Bank Jobs

Job Information

MUFG Union Bank Senior Application Security Engineer, VP (Hybrid, NYC) in New York, New York

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a hybrid position. The selected colleague will work at an MUFG office an average of two to three days per week with the remainder worked remotely.

Job Summary:

The Senior Application Security Engineer reports directly to the Head of Information Security Engineering and Operations. As an expert in your field, you will apply data-driven models to define application security strategies that are customized to the business goals. You proactively engage with stakeholders to develop and continuously revise application security roadmaps. The detailed plans and realistic methods that you develop empower the business to aggressively pursue initiatives while optimizing risk reduction. You are a champion of the organization’s information security aspirations who works as a servant leader to evolve and embed security considerations throughout the software development lifecycle.

Responsibilities:

Define application security strategies that are customized to the business goals

Develop secure software development lifecycle processes

Perform threat modeling on existing and upcoming applications

Perform static application security testing (SAST) of the code base on a regular basis

Perform dynamic application security testing (DAST) using open source and commercial tools

Identify and track the mitigation/remediation of vulnerabilities originating from third party components

Review security alerts and reports and work closely with the DevOps team to remediate the potential security vulnerabilities

Provide secure system and software development training and best practices to the software engineering teams

Technology Skills:

Experience with system development and project management methodologies such as Waterfall, Agile, CI/CD and DevSecOps

Extensive experience with Veracode SAST, Veracode SCA, Veracode Greenlight IDE, and Veracode reporting. Additional experience with other application security tools (Qualys, Netsparker, Sonatype Nexus, Twistlock, Black Duck, SonarQube) is a bonus.

Experience with developing threat models (e.g., STRIDE, DREAD)

Solid understanding of applied cryptography, web security, TLS/SSL, and web authentication protocols such as OAuth/SAML

Familiar with Financial Services regulators, regulations and best practices (e.g., FRB, FFIEC, FINRA, SEC, IIROC, SOX, GLBA, GDPR)

Experience with supporting RCSA process of application security controls and testing

Experience with automation tools (e.g. TeamCity, Jenkins, Bamboo, GitLab, Kubernetes, Ansible, Chef, Puppet, Salt)

Experience in using programming and scripting languages and deploying applications (e.g. Python, .Net, Java, Perl) to automate tasks and manipulate data

Skills:

Excellent written and verbal communication skills

Ability to explain complex security topics in simple terms

Ability to lead and manage multiple security initiatives

A good team player who is self-motivated and very well organized

Experience:

Bachelor's in computer science or a related field, or equivalent experience

10 years of experience in an application security engineering or operations role

At least 3 years of experience in building and deploying applications

The typical base pay range for this role is between $120K - $150K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

  • Client Centric

  • People Focused

  • Listen Up. Speak Up.

  • Innovate & Simplify

  • Own & Execute
