MUFG Union Bank Sr. Secure SDLC Specialist - REMOTE in Raleigh, North Carolina
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018). In the Americas, we’re 14,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.
Please note that this position can sit in Tempe, AZ, Charlotte, NC or Arlington, TX as well as work remotely in any approved location.
The Software Security Associate Vice President (AVP) will work within the Software Security group within Enterprise Information Security (EIS). The role reports to the VP of Application Security, Secure SDLC.
This position is responsible for providing services in one or more of the following Application Security Secure SDLC controls:
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Dynamic Application Security Testing (DAST)
Security Requirements and Threat Modeling
Secure SDLC (90%)
Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance, and performing basic configuration of scans
Review and approve/reject SAST false-positive and mitigated-by-design requests
Perform manual SAST scans as required
Provide basic administration of our various security platforms, including approving access requests for application security tools and basic setup and configuration of new and existing applications
Partner with development teams and release management to review current SAST applications configurations for correctness and completeness
Ensure the usage of Secure SDLC controls (e.g., SAST, SCA, and DAST)
Provide backup for DAST and Security Requirements & Threat Modeling tools
Ensure processes and procedures are documented and maintained
Stay up to date on attack intelligence by collaborating internally via our Threat Vulnerability Management (TVM) and Cyber Security Operations Center (CSOC) teams and externally via conferences, virtual training, monitoring attacker forums, reading relevant publications or blogs
Filter intelligence and share insight relevant to MUFG for both technical and business audiences
Experience with AppSec tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA) or Dynamic Application Security Testing (DAST).
Good ability to code in .NET or Java. Developers respect this since we can speak their “language” and understand their day-to-day life. This also enables the ability to write sample secure code and provide better remediation consultations.
Superior communication skills to be able to demonstrate vulnerabilities, explain risk and facilitate remediation coaching. Must be able to speak with developers and refine communication to Executive level.
Functional understanding in tooling integrations to support Agile, CI/CD and DevSecOps methodologies. Must have a passion and relentless drive for continuous improvement of people, process and technology.
Must be a team player that thrives on collective wins.
Must have the “perseverance gene” as we strive to maintain and create best-in-class services.
Subject matter expertise in application security
Familiar with IDEs such as Visual Studio, Eclipse or IntelliJ IDEA
Familiar with SDLC methodologies such as Waterfall, Agile, CI/CD and DevSecOps (we’re currently transitioning away from Waterfall)
Familiar with defect management systems such as Jira
Familiar with build systems such as Jenkins or Maven
Familiar with application security tools such as Veracode SAST, Veracode SCA, Qualys WAS, Netsparker, Nexus Sonatype or Twistlock
Familiar with regulations such as FFIEC or GLBA
Certification in cybersecurity, project management or Six Sigma is a plus
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Primary Location: ARIZONA-Phoenix
Other Locations: NORTH CAROLINA-Raleigh, TEXAS-Arlington, NORTH CAROLINA-Charlotte, TEXAS-Austin
Schedule: Full Time
Req ID: 10037681-WD