Cyber Security Analyst - Vulnerability Management - Associate

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.


In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.



Role Description


As a Vulnerability Management Analyst, you will be a key part of a high performing SOC team, with a desire to continually improve and advance our capabilities to protect SMBC Group. You will bring your passion for Cybersecurity to a team of dedicated professionals and leverage this passion to ensure our vulnerability remediation activities are effective and efficient and that we keep pace with a rapidly changing threat landscape. You will help protect the Bank's networks, applications, and infrastructure by working with IT owners to identify and mitigate risks that may be targeted by threat groups.


The Vulnerability Management team is responsible for working with relevant stakeholders to identify, analyze, mitigate, and report on vulnerabilities. The goal is to take a proactive and risk-based approach to identifying and addressing gaps within SMBC to protect the Bank's network and data from a cyber-attack and in turn, protect its reputation and the trust of customers. In this role, you will be responsible for configuring scans, researching the latest threats, analyzing large datasets, conducting risk assessments, coordinating remediation of identified risks, and reporting on compliance levels and opportunities for improvement across the enterprise. Due to the rapidly growing technological footprint and threat landscape, this role requires a quick learner that is proactive, analytical, diligent, and organized. The role will require interaction with various teams to effectively communicate and address risk and promote the use of secure technologies in line with security standards.


The role offers the opportunity for a security professional to work in a challenging and complex enterprise environment, using leading edge tools and technologies.



Role Objectives

• Triage vulnerability alerts from security tools, external intelligence providers, penetration tests, and user-reported findings to assess impact to organization
• Configure network, infrastructure, and/or application vulnerability scans and policy checks and conduct manual testing as needed to validate findings
• Liaise with various business units to conduct vulnerability assessments, consult on risk reduction strategies, and supervise remediation such that vulnerabilities are addressed within required timelines
• Conduct attack surface risk modeling and articulate high-risk areas to stakeholders in collaboration with Threat Intelligence and Threat Hunting functions
• Assist in production of periodic vulnerability management reports and statistics for management
• Tune vulnerability management tools to increase coverage, reduce false positives and false negatives, and improve processes
• Liaise with Optimization team to set up detections and mitigations i.e., Intrusion Prevention Systems, ensuring we have signatures in place to protect us from relevant threats
• Support culture of continuous improvement by proactively investigating new risks and opportunities to strengthen Bank's security posture

Qualifications and Skills

• 2+ years of cybersecurity, IT, or related experience
• Bachelor of Information Technology, Computer Science, or similar preferable
• Strong understanding of MITRE ATT&CK framework, common vulnerabilities, and exploits
• Strong analytical and problem-solving abilities
• Understanding of networking concepts and common operating systems
• Ability to analyze large datasets, multi-task, and effectively prioritize tasks
• Strong interpersonal and communication skills (written and verbal)
• Ability to multi-task and remain productive in a dynamic, service-driven and results oriented environment
• Ability to script tasks and automate processes is a plus
• Working knowledge of cloud technologies and containerized environments is a plus

Additional Requirements


SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.


SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at [email protected].