Position Details

Type Full-Time

Experience senior

Exp. Years 5-7 years

Education Bachelor's Degree in Computer Science or related fields; or equivalent work experience

Category Cybersecurity

About this role

Part of MUFG's red team to improve detection and defenses through adversarial testing, mentoring junior members and leading complex engagements.

Key Responsibilities

Develop guidelines for the usage, control, maintenance and audit-readiness of information and computer resources
Analyzing and addressing customer security requirements for all business applications existing on a distributed platform
Assisting in the evaluation, selection, and installation of security software products for distributed platforms
Identifying distributed systems security issues and coordinating with the security architect to address issues
Conduct tactical assessments that require expertise in social engineering, application security, physical methods, lateral movement, threat analysis, internal and external network architecture

Technical Overview

Red team exercises, social engineering, application security, network and endpoint exploitation, using tools such as Cobalt Strike, Metasploit, Nmap, CrackMapExec, Impacket, and Responder; knowledge of NIST/PCI etc.

Ideal Candidate

The ideal candidate is a senior red team operator with 5-7 years of pentest/red team experience, strong exploit development capabilities, and multiple security certifications; capable of mentoring juniors and leading complex assessments for MUFG.

Must-Have Skills

Bachelor's Degree in Computer Science or related fields5-7 year of experience conducting penetration-testing/red team engagementsExperience in planning and executing advanced attacks that evade network and endpoint security controlsExperience with implementing red team assessment methodstoolsand techniquesExperience identifying and exploiting common web-application vulnerabilitiesExperience handcrafting/dissecting HTTP conversationsExperience in developingextendingor modifying exploits and offensive security toolsC2 frameworks (Cobalt Strike and Metasploit)Windows and Linux systems exploitation

Nice-to-Have Skills

CISSPGIACCISACRISCCISMOSCPOSCEGWAPT

Required Skills

Penetration testingred team engagementslateral movementthreat analysisweb application vulnerabilitiesC2 frameworksNmapMetasploitCobalt StrikeOSCPWindowsLinux

Hard Skills

Penetration testingred team engagementslateral movementthreat analysisweb application vulnerabilities (SQL InjectionDOM ManipulationAuthorization System BypassDesign Logic issuesbounds checkingrole & access validationfilter evasion)offensive security tools (Cobalt Strike and Metasploit)C2 frameworksNmapCrackMapExecImpacketResponderWindowsLinuxExploitationShellcode

Soft Skills

leadershipmentoringcommunicationteam collaborationproblem-solvingresearch

Certifications

Preferred

CISSPGIACCISACRISCCISMOSCPOSCEGWAPT

Industry & Role

Industry Banking

Job Function Lead red team assessments to strengthen MUFG's security posture with mentorship and adherence to compliance frameworks

Role Subtype Security Engineer (Red Team)

Tech Domains Amazon Web Services, Azure, Kubernetes, Docker, Active Directory

Keywords for Your Resume

Red Team OperatorAssistant Vice PresidentMUFGcyber securityred teampenetration testingsocial engineeringapplication securityweb application vulnerabilitiesSQL InjectionDOM ManipulationAuthorization System BypassCobalt StrikeMetasploitNmapCrackMapExecImpacketResponderWindowsLinuxthreat analysisthreat actor TTPsCISSPGIACOSCPOSCEGWAPTNISTPCIFFIECGLBASOXred team operatoroffensive security

Deal Breakers

Lack of 5-7 years pentest experience, No security certifications, Inability to work a hybrid schedule, No experience with web app vulnerabilities

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile

Untitled Position

Get matched to jobs like this