Senior Cyber Security Engineer-Threat Detection (VP)
Tralee, IE
Sumitomo Mitsui Banking Corporation
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
Role Description
You will be a key member of a high-performing team responsible for security detection and monitoring capabilities and strategy. The team has a mixture of offensive and defensive cyber security expertise. The team works to proactively analyse, prevent, detect, and respond to threats before they impact SMBC. This position requires mastery of a wide range of security detection and monitoring technologies (both cloud and on-premises) with a focus on ensuring optimal performance, new detection and coverage capabilities, and maintaining continuous monitoring and tuning. The successful candidate will execute and drive detection engineering with minimal guidance.
Role Objectives
• Data ingestion: selection and implementation of optimum data flows to ingest security data to our systems.
• Data optimization: identify and filter data to relevant systems, such as SIEM for rule detection and Data Lake for investigations and incident response.
• Identify, resolve and document operational issues and report time to respond and time to resolve.
• Deliver a detection strategy that keeps SMBC fully compliant with the various Cyber Security Controls and covered against Emerging Threats by implementing high-fidelity, actionable security detections. This strategy must draw on sources such as compliance requirements, pen test results, incident lessons learned, threat hunts, threat intelligence and MITRE ATT&CK coverage.
• Creation and tuning of alerts and detections from a SIEM and other devices in response to changing threats.
• Work with a detection-as-code pipeline with built-in change control and a full audit trail.
• Build automated verification suites of our rule set to ensure rules are behaving as expected.
• Conduct advanced adversary simulations to assess the effectiveness of our detections.
• Integrate outputs from red teaming into security strategies, enhancing our security posture.
• Onboard new security tools to SOC monitoring including testing and verification of how the system is configured.
• Develop and implement enhancements to assist in detection, prevention, and analysis of security threats.
• Automate robust enterprise solutions reducing manual effort.
• Conduct proactive research to analyze security weaknesses and recommend appropriate strategies.
• Manage tasks in an agile manner – working to a prioritized backlog.
• Collaborate across functions and vendors to drive implementation and enhancements of security detection capabilities.
• Assess the effectiveness of cybersecurity measures utilized by systems.
• Employ configuration management processes.
• Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Develop mitigation strategies to address cost, schedule, performance, and security risks.
• Trace system requirements to design components and perform gap analysis.
• Measure and track metrics for the detection engineering process to illustrate progress towards goals and track gaps in detection coverage.
• Maintain and create documentation in support of detection and response capabilities and processes and readily fulfil any audit requests.
• Provide mentoring, coaching, and professional development opportunities to team members.
Qualifications and Skills
• 5+ years of relevant experience
• Experience with log analysis from multiple sources
• Experience with cloud SIEM, UEBA, NSM, EDR and/or other detection technologies
• Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies
• Ability to use logic and reasoning to identify solutions and improvements to manual/inefficient processes and tasks
• Experience of building detection-as-code pipelines
• Experience mapping detections to the MITRE ATT&CK framework
• Expertise in query languages
• Strong troubleshooting ability
• Ability to balance operational tasks with project work
• Ability to translate threat intelligence into actionable detection logic
• Scripting ability
• Experience in other areas of Cyber Security an advantage
• Work effectively and collaboratively in a global team environment
• Strong sense of self-ownership and attention to detail
Additional Requirements
D&I Commitment
Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.
SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
Tags: Active Directory Agile Banking Cloud Compliance EDR Finance Incident response Linux Log analysis Monitoring NSM Red team Scripting SIEM SOC Strategy Threat detection Threat intelligence Windows
Perks/benefits: Career development