Senior Cyber Security & Information Risk Engineer

Company: Sumitomo Mitsui Banking Corporation
Location: New York
Posted on: March 20, 2023

Job Description:

Overview
SMBC Capital Markets, Inc. is a market maker for swaps, including interest rate, currency and commodity swaps and related derivative products, headquartered in New York as a wholly owned subsidiary of SMBC. SMBC Capital Markets, Inc. was provisionally registered as a swap dealer with the Commodity Futures Trading Commission on December 31, 2012. Our business works in close collaboration with SMBC Nikko Capital Markets, Capital Markets Limited in the UK, and SMBC Capital Markets Asia, Ltd in Hong Kong to provide global coverage to SMBC's corporate, institutional, and project clients. Capital Markets maintains its own middle and back-office functions, including Risk Management, Compliance, Systems, Finance, and Operations.

The Senior Cyber Security & Information Risk Engineer will be responsible for ensuring that Information Security systems are configured, deployed, and maintained in accordance with SMBC's polices and standards. This position requires participation in technical research and development to enable continuing innovation for Cyber Security and Information Risk management.

Scope:

This role is part of a team responsible for administering security projects designed to safeguard Capital Market's information systems. The Senior Engineer focuses on implementing and engineering information security solutions using industry's best practices, defining and documenting projects, creating and executing project plans, engaging in project cost management, resource management and performing periodic reporting. This position requires participation in technical research and development to enable continuous innovation for Cyber Security and Information Risk department. Acts as a subject matter expert who uses expertise to resolve complex problems in consideration of established policies, guidelines or processes. Reports to Head of Cyber Security of Capital Markets with reporting lines into the regional CISO of Americas Division as well Capital Markets' CIO.
Responsibilities

• 
  
• Focuses on hands on engineering and architecting cybersecurity solutions and ways to protect the firm from various threat actors.
  
• Performs as the Subject Matter expert focused in multiple technologies within the Security arena (Unix Security Engineering, IAM, Cloud Security, Data Security, Network Security, Encryption, Privileged Access Management, Federation etc.).
  
• Establishes a strategic security architecture vision, including standards and frameworks for medium to large enterprises.
  
• Develops and maintains log analysis solutions, including data collection and aggregations, data normalization, and reporting. -
  
• Review and analysis security logs from a wide variety of sources.
  
• Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
  
• Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant layers, test those controls and perform gap analysis to find areas of improvement.
  
• Strong understanding and hands on implementation experience with SANS/CIS Top 20, NIST CSF, 800-53, ISO27001 and FFIEC CAT controls.
  
• Strong Incident Response skillset using MITRE ATT&CK and Cyber Kill Chain frameworks. Being able to conduct threat modeling in order to determine major threats facing the firm.
  
• Good understanding of Zero Trust principles.
  
• Perform testing to evaluate new products for network and system security controls.
  
• Supporting offensive architecture analysis and design of defense-in-depth solutions
  
• Participate in the development of the security roadmap and communicate the Technology Security vision to senior management and technical departments.
  
  - - - - - - - - - Works with and / or leads internal implementation teams and internal business organizations to define, document, and present project requirements.
  - - - - - - - - - Coordinates with project team the implementation, upgrade and maintenance of security solutions.
  - - - - - - - - - Throughout project lifecycle, tracks and manages project progress against plan schedules, budgets, technical needs, resource requirements, capacity plans and the goals of the business
  - - - - - - - - - Creates, maintains and executes required test case scenarios and use cases to verify requirements
  - - - - - - - - - Mentor junior team members and inspire them to take on challenging tasks within the department.
  - - - - - - - - - Monitors data quality and assists in the collection of data for Risk Management and internal auditors.
  Qualifications
  
  • 
    
  • 8-10+ Years of hands-on security architecture, implementation and design experience required, designing globally scalable security solutions
    
  • Strong Unix security engineering background required
    
  • Scripting experience in bash, python, perl or any other scripting language required.
    
  • Strong understanding of DNS concepts and DNS management using commercial tools
    
  • Strong hands-on knowledge of SMTP, SPF, DKIM concepts and email gateways.
    
  • Knowledge of Stunnels and FIX configurations.
    
  • Cloud Security and hands on knowledge with AWS and/or Azure is required.
    
  • Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management)
    
  • Deep packet analysis experience using wireshark/tcpdump.
    
  • Advanced experience in process documentation, flow charting and re-engineering.
    
  • Understanding of OWASP Top 10 highly desired.
    
  • Good understanding of Zero Trust principles highly desired.
    
  • Excellent communication skills, writing skills, and the ability to work with internal teams
    
  • Be a performance-driven team player with an excellent attitude
    
  • Performing gap analysis within different environments coupled with an in depth understanding of regulatory guidelines as well as standards and best practices related to CIS Top 20, ISO and NIST CSF frameworks.
    
  • Ability to communicate information security concepts across a broad range of technical & non-technical staff.
    
  • Bachelor's degree in Information Security, Compute Science or related field Required
    
  • One of the following certifications is required - CISSP, CISM, CCSP, OSCP, GIAC GCIH, GCTIA, GDSA or equivalent. Any AWS/Azure certifications are a plus.
    
  • Weekend and night work may be needed at times based on project, support, and business needs.
    

Keywords: Sumitomo Mitsui Banking Corporation, New York , Senior Cyber Security & Information Risk Engineer, Accounting, Auditing , New York, New York