Cyber Defense, Adversary Emulation
About the role
The role serves as a senior leader within the Cyber Defense organization, overseeing the Threat and Vulnerability Management (TVM) program for Mizuho Americas Services. This includes partnering with Information Security, Infrastructure, Application, and third-party teams to identify, prioritize, and remediate threats and vulnerabilities across the enterprise.
Responsibilities
- Oversee the Threat and Vulnerability Management program
- Prioritize work amongst full-time staff and third-party resources
- Oversee tools, technologies, and processes related to threat management
- Ensure effective reporting of security activities, reporting status, risks, issues, and escalations to senior leadership
- Manage relationships with other Security, Infrastructure, and Application teams to identify, mitigate, and remediate vulnerabilities and other threats in the environment
- Provide expertise on Security Incidents
- Map TTPs and CVEs to identified threats and prioritize appropriately
- Recommend and implement enhancements to existing processes, focusing on automation and integration between other security tools
- Ensure comprehensive threat identification of the entire Mizuho enterprise
- Review daily, weekly, and monthly security reports for any anomalies or issues
- Maintain documentation on security architecture, procedures, configurations
- Project based work
- Provide feedback to MAS teams to implement well-engineered solutions to improve security posture
- Identify workflow areas to proactively address potential vulnerabilities
- Work with colleagues and vendors to assess different technologies and determine their impact within the Mizuho environment
- Provide security requirements for the design, development, engineering, and implementation of hardware, networks, and applications
- Conduct lessons learned exercises and RCAs after security incidents, detection of major system vulnerabilities, and ongoing compliance violations
- Analyze threat intelligence, vulnerability and security assessments; produce vulnerability reports and work with IT teams to correct or mitigate found deficiencies
Qualifications
- At least 10+ years’ security domain related experience, preferably within a financial services firm
- 5+ years of experience in a similar position
- Proven experience in a vulnerability management program within a large enterprise
- Strong understanding of cybersecurity risk management and information security standards (SOX, NIST, FISMA, etc.)
- Ability to manage and use various scanning technologies across different layers of the tech stack, such as SAST, DAST, cloud infrastructure
- Strong understanding of OWASP and other common Application Security issues and frameworks
- Fundamental understanding of vulnerability reporting and management processes or tools
- Solid grasp and understanding of vulnerability scoring and classification methodologies
- Excellent communication and leadership skills, with the ability to manage and prioritize multiple projects and initiatives
- Strong knowledge of internet, web, application and network security platforms
- Strong knowledge of Linux & Windows operating system and security functions
- Strong knowledge of Cloud Deployment and management
- Develop, document, and maintain policies, procedures, and training plans for system administration and appropriate use
- Strong written and verbal communication skills
Additional Qualifications
- Possess security certifications (CISSP, CISM, CISA, GSEC, etc.)
- Experience with project management and industry best practices
- Experience working within the Financial Services industry
- Experience in support projects and able to handle issues against defined SLA / KPI
- Clear communication & presentation skills, and the ability to articulate complex issues concisely
- Leadership, relationship-building and influencing skills to drive agendas across a number of teams
- Proven track record of effectively interacting with senior management
- To work strategically and collaboratively across departments
- Excellent organizational skills with the ability to multi-task, prioritize competing demands, be versatile and action-oriented
Pay
The expected base salary ranges from $111k-$185k. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.