SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC Rail Services LLC, Manufacturers Bank, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

Role Description

As a Senior Vulnerability Management Analyst, you will be a key part of a high performing SOC team with a desire to continually improve and advance our capabilities to protect SMBC Group. You will bring your passion for Cybersecurity to a team of like-minded professionals and leverage this passion to ensure our vulnerability remediation activities are effective and efficient and that we keep pace with a rapidly changing threat landscape. You will help protect the Bank’s networks, applications, and infrastructure by working with IT owners to identify and mitigate risks that may be targeted by threat groups.

The Vulnerability Management team is responsible for identifying, analyzing and reporting on vulnerabilities. The goal is to take a proactive and risk-based approach to identifying and addressing gaps within SMBC in order to protect the Bank's network and data from a cyber-attack and in turn, protect its reputation and the trust of customers.

In this role, you will be responsible for configuring scans, analyzing findings, researching the latest threats, conducting risk assessments, coordinating remediation of identified risks, and reporting on compliance levels and opportunities for improvement across the enterprise. Due to the rapidly growing technological footprint and threat landscape, this role requires a quick learner that is proactive, diligent, and organized. The role will require interaction with various teams to effectively communicate and address risk and promote the use of secure technologies in line with security standards.

SMBC is committed to your growth as a Security professional and provides a myriad of training opportunities with leading training vendors. You will also have access and exposure to leading edge technologies and tools to help protect SMBC systems, offices, and data centers across the globe.

Role Objectives

Triage vulnerability alerts from security tools, external intelligence providers, penetration tests, and user-reported findings to assess impact to organization

Configure network, infrastructure, and/or application vulnerability scans and policy checks and conduct manual testing as needed to validate findings

Liaise with various business units to conduct vulnerability assessments, consult on risk reduction strategies, and supervise remediation such that vulnerabilities are addressed within required timelines

Conduct attack surface risk modeling and articulate high-risk areas to stakeholders in collaboration with Threat Intelligence and Threat Hunting functions

Tune vulnerability management tools to increase coverage, reduce false positives and false negatives, and improve processes

Liaise with Optimization team and Security Engineering team to set up detections and mitigations i.e. Intrusion Prevention Systems, ensuring we have signatures and configurations in place to protect us from relevant threats

Lead projects that support the enhanced delivery of services by the SOC including onboarding of new technologies or implementation of new processes

Support CI/CD and build pipelines and promote use of secure technology by ensuring integration of vulnerability management into the development lifecycle of Bank's applications / infrastructure

Assist in production of vulnerability management reports and statistics for management and board members.

Support the culture of continuous improvement by proactively investigating new risks and opportunities to strengthen Bank's security posture

Mentor and train other team members

Lead incident response, as needed, to ensure risks are quickly identified and mitigated

Qualifications and Skills

4+ years of cybersecurity, cloud engineering, risk management, or application development experience

Bachelor of Information Technology, Computer Science, or similar preferable

Experience securing and/or conducting security assessments of container and cloud environments or in-depth knowledge of cloud, container, and application security best practices

Experience analyzing output of SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools

In-depth knowledge of web-based attacks and mitigation strategies

Demonstrated success implementing risk reduction strategies

Strong critical thinking and problem-solving skills

Diligent, proactive, and strong attention to detail

Strong interpersonal and communication skills (written and verbal) including ability to present technical information to non-technical audiences

Ability to script tasks and automate processes is a plus

Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.