5,448 Threat Response jobs in the United States

Associate Threat Response Analyst

We're your dream security team!

As a Threat Response Analyst you will be joining the Mimecast Messaging Security organization and be responsible for supporting a service for on-demand threat resolution. The service is designed to provide customers with prompt feedback and intelligence on email-borne threats, remediate these threats from their email environment to reduce dwell time, and put the appropriate detections in place to prevent further incidents from occurring. The role may require working afternoon/evening shifts and being part of a rotation for holiday support.

Messaging Security ensures that our security-focused solutions are performing accurately and efficiently. We verify that Mimecast can detect the latest email-borne threats amidst a rapidly evolving threat landscape. Through threat research and customer feedback we identify where Mimecast can be improved and update detection at our spam, URL, and attachment security layers. We strive for proactive, rather than reactive, approaches to threat detection.

The team is also responsible for assuring that Mimecast maintains an exceptional sending reputation by looking for compromised email addresses and senders following poor mailing practice.

Messaging Security works closely with research and development, as well as customer support. We are a global team that spans three continents.

What You'll Do:

• Analyze phishing/malicious email campaigns to identify IOC's
• Categorize email threats and determining the best means of updating detection
• Provide email security advice, expertise, and remediation to our customers
• Understand security policies within the Mimecast Administration Console and providing configuration suggestions to customers
• Research and investigate the latest security threats and their potential impact to Mimecast customers
• Work with security vendors around threat detection techniques and remediation
• Identifying opportunities for improved processes and systems

What You'll Bring:

• Working knowledge of messaging (email traffic management) and routing
• Experience and understanding of email security technologies
• Strong understanding of Domain Name System (DNS)
• Strong understanding of SMTP, SSL/TLS, POP3, IMAP, TCP/IP
• Ability to translate complex technical capabilities into management-friendly responses
• Curiosity about the infrastructure of phishing/malicious email campaigns
• Some experience working with the Mimecast platform would be preferred
• Some experience working in a Security Operation Center (SOC) would be preferred
• Experience working with email/malware detection and blocking techniques
• Experience working with threat intelligence platforms
• Experience working within SaaS environments

What We Bring

Join our Messaging Security team to accelerate your career journey, working with cutting-edge technologies and contributing to projects that have real customer impact. You will be immersed in a dynamic environment that recognizes and celebrates your achievements.

Mimecast is on a path of steady and healthy growth as a company, investing in people like you who bring the skills and expertise to raise our technical expertise, operational maturity, and customer success to the next level. Your contributions are important! Every voice and action matters.

Mimecast offers formal and on-the-job learning opportunities, maintains a comprehensive benefits package that helps our employees and their family members to sustain a healthy lifestyle, and importantly - opportunities to work with cross-functional teams to build your knowledge!

Our Hybrid Model: We provide you with the flexibility to live balanced, healthy lives through our hybrid working model that champions both collaborative teamwork and individual flexibility. Employees are expected to come to the office at least two days per week, because working together in person:

• Fosters a culture of collaboration, communication, performance, and learning.
• Drives innovation and creativity within and between teams
• Introduces employees to priorities outside of their immediate realm.
• Ensures important interpersonal relationships and connections with one another and our community!

The US base salary range for this position is $60,000-$90,000 base + benefits. This reflects the minimum and maximum target for new hire salaries for this position. This position may also be eligible for bonus, incentive plans, and other related benefits. Our salary ranges are determined by role, level, and location. These factors and individual capabilities will also determine the individual pay offered.

#LI-CS1

DEI Statement

Cybersecurity is a community effort. That's why we're committed to building an inclusive, diverse community that celebrates and welcomes everyone - unless they're a cybercriminal, of course.

We're proud to be an Equal Opportunity and Affirmative Action Employer, and we'd encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won't affect your application.

If you require any adjustments or accommodations due to a disability, or any other reason that may help you in your interview process, please let us know by emailing

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.

Associate Threat Response Analyst

We're your dream security team!

As a Threat Response Analyst you will be joining the Mimecast Messaging Security organization and be responsible for supporting a service for on-demand threat resolution. The service is designed to provide customers with prompt feedback and intelligence on email-borne threats, remediate these threats from their email environment to reduce dwell time, and put the appropriate detections in place to prevent further incidents from occurring. The role may require working afternoon/evening shifts and being part of a rotation for holiday support.

Messaging Security ensures that our security-focused solutions are performing accurately and efficiently. We verify that Mimecast can detect the latest email-borne threats amidst a rapidly evolving threat landscape. Through threat research and customer feedback we identify where Mimecast can be improved and update detection at our spam, URL, and attachment security layers. We strive for proactive, rather than reactive, approaches to threat detection.

The team is also responsible for assuring that Mimecast maintains an exceptional sending reputation by looking for compromised email addresses and senders following poor mailing practice.

Messaging Security works closely with research and development, as well as customer support. We are a global team that spans three continents.

What You'll Do:

• Analyze phishing/malicious email campaigns to identify IOC's
• Categorize email threats and determining the best means of updating detection
• Provide email security advice, expertise, and remediation to our customers
• Understand security policies within the Mimecast Administration Console and providing configuration suggestions to customers
• Research and investigate the latest security threats and their potential impact to Mimecast customers
• Work with security vendors around threat detection techniques and remediation
• Identifying opportunities for improved processes and systems

What You'll Bring:

• Working knowledge of messaging (email traffic management) and routing
• Experience and understanding of email security technologies
• Strong understanding of Domain Name System (DNS)
• Strong understanding of SMTP, SSL/TLS, POP3, IMAP, TCP/IP
• Ability to translate complex technical capabilities into management-friendly responses
• Curiosity about the infrastructure of phishing/malicious email campaigns
• Some experience working with the Mimecast platform would be preferred
• Some experience working in a Security Operation Center (SOC) would be preferred
• Experience working with email/malware detection and blocking techniques
• Experience working with threat intelligence platforms
• Experience working within SaaS environments

What We Bring

Join our Messaging Security team to accelerate your career journey, working with cutting-edge technologies and contributing to projects that have real customer impact. You will be immersed in a dynamic environment that recognizes and celebrates your achievements.

Mimecast is on a path of steady and healthy growth as a company, investing in people like you who bring the skills and expertise to raise our technical expertise, operational maturity, and customer success to the next level.Your contributions are important! Every voice and action matters.

Mimecast offers formal and on-the-job learning opportunities, maintains a comprehensive benefits package that helps our employees and their family members to sustain a healthy lifestyle, and importantly - opportunities to work with cross-functional teams to build your knowledge!

Our Hybrid Model: We provide you with the flexibility to live balanced, healthy lives through our hybrid working model that champions both collaborative teamwork and individual flexibility. Employees are expected to come to the office at least two days per week, because working together in person:

• Fosters a culture of collaboration, communication, performance, and learning.
• Drives innovation and creativity within and between teams
• Introduces employees to priorities outside of their immediate realm.
• Ensures important interpersonal relationships and connections with one another and our community!

T he US base salary range for this position is $60,000-$90,000 base + benefits. This reflects the minimum and maximum target for new hire salaries for this position. This position may also be eligible for bonus, incentive plans, and other related benefits. Our salary ranges are determined by role, level, and location. These factors and individual capabilities will also determine the individual pay offered.

#LI-CS1

DEI Statement

Cybersecurity is a community effort. That's why we're committed to building an inclusive, diverse community that celebrates and welcomes everyone - unless they're a cybercriminal, of course.

We're proud to be an Equal Opportunity and Affirmative Action Employer, and we'd encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won't affect your application.

If you require any adjustments or accommodations due to a disability, or any other reason that may help you in your interview process, please let us know by emailing

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.

As a Threat Response Engineer III, you will lead efforts to detect, investigate, and respond to advanced security incidents. You will conduct in-depth forensic analysis, lead threat hunting initiatives, and refine detection strategies using both internal and external intelligence. You will also drive improvements to the organization's threat detection and incident response processes.

About the team :

At Bloomberg Industry Group, the Threat Response team leads the defense against advanced and persistent cyber threats. This team handles all aspects of threat intelligence, threat hunting, and incident response, leveraging cutting-edge tools to protect the organization's critical systems.

What you will do :

• Lead the investigation and response to complex security incidents, including APTs, insider threats, and sophisticated malware attacks.

• Conduct in-depth forensic analysis of compromised systems to identify attack vectors, persistence mechanisms, and other indicators of compromise.

• Develop and refine detection strategies and automation scripts to improve the organization's ability to detect and respond to threats.

• Lead proactive threat hunting efforts to identify potential security risks within the network and systems.

• Analyze threat intelligence and integrate it into detection systems to stay ahead of emerging threats.

• Mentor junior engineers and provide technical leadership in threat detection, investigation, and response.

• Stay up to date on the latest cyber threats, adversary tactics, and attack techniques, applying this knowledge to continuously improve detection and response.

You need to have :

• Extensive experience in incident response, forensic investigations, and threat hunting.

• Expertise in analyzing complex attacks and understanding adversary tactics, techniques, and procedures (TTPs).

• Strong knowledge of threat intelligence, malware analysis, and advanced security monitoring tools.

• Proficiency with SIEM, SOAR, EDR, and forensic tools, as well as scripting for automating detection and response tasks.

• 6-10 years of relevant experience.

We'd love to see :

• Certifications such as AWS Certified Security - Specialty, Azure Security Engineer, CISSP, CSSP, CISM or equivalent.

• A bachelor's degree in information security, Computer Science, or a related field, or equivalent experience.

Equal Opportunity

Bloomberg Industry Group maintains a continuing policy of non-discrimination in employment. It is Bloomberg Industry Group's policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law ("Protected Characteristic"). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics ("Discrimination").

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure.

The Department: Threat Detection & Response

The Role: Staff Security Engineer

The Threat Detection and Response (TDR) team builds and operates the detection pipelines, response workflows, and engineering tools that keep Gemini secure. As a Staff Security Engineer on TDR, you will lead complex projects, own detection infrastructure, and mentor a growing team of security engineers. This is a hands-on role that combines software engineering with deep security expertise.

You’ll work closely with partners across Security, Infrastructure, and Product to ensure we’re catching real threats without burning the team out on noise. You’ll help us shift detection left, push logic into code, and build scalable response tooling.

We’re looking for high-velocity engineers who can lead by example, write production-grade code, and improve the signal-to-noise ratio across our detection stack.

This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Responsibilities:

• Design, implement, and own detection logic and alerting pipelines across diverse data sources
• Lead investigations of high-severity incidents and postmortem reviews
• Build and maintain automation that enables scalable response and analysis
• Mentor engineers across the team on detection engineering, response workflows, and code quality
• Develop internal tools that help us test, tune, and improve detections
• Partner with teams across Gemini to expand coverage and context in our security data

Minimum Qualifications:

• Strong experience in threat detection, incident response, or security engineering
• Proficiency in Python, Go, or similar languages used for automation and detection logic
• Deep familiarity with detection platforms (e.g., Splunk, EDR tools) and log pipelines including developing and deploying custom detection rules and pipelines
• Hands-on experience with containerization technologies like Docker and Kubernetes
• Comfort with CI/CD systems, infrastructure as code, and distributed systems
• Clear written and verbal communication, especially under pressure

Preferred Qualifications:

• Familiarity with forensics (host, memory, or network) across major operating systems
• Understanding of common attacker techniques and frameworks like MITRE ATT&CK
• Exposure to workflow engines (e.g., Argo, Airflow) and data engineering patterns
• Experience working in cloud-native environments (AWS preferred)
• History of mentoring and supporting engineers in technical growth

It Pays to Work Here The compensation & benefits package for this role includes:

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range : The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, employees within the New York, Seattle, San Francisco, and Miami metropolitan areas are expected to work from the designated office on a hybrid cadence, unless there is a job-specific requirement to be in the office every work day. We believe our hybrid approach for those near our NYC, Seattle, San Francisco, and Miami offices increases productivity through more in-person collaboration where possible. Employees outside of these areas are considered part of our remote-first workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-JS2

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
**The working hours for this role in the Tampa office will be 8:00 AM - 6:00 PM US Eastern Time, 4 days per week (Sunday to Wednesday).**
**Job Summary**
In this role you will focus on researching potential cybersecurity threats to various systems, technologies, operations, and programs throughout multiple environments. You will perform analysis based on this research to determine the risk to the organization and take appropriate actions based upon that analysis. Responsibilities include rapidly responding to potential incidents and events to minimize risk exposure and ensure the confidentiality, integrity, and availability of assets and business processes. Additionally, you will proactively monitor internal and external-facing environments, seek opportunities to strengthen and automate detection and remediation capabilities, reduce response times for incidents, and produce analyses of cybersecurity events that include perspectives on the behavior of adversaries.
**Major Responsibilities**
+ Perform cybersecurity threat detection, assessment, and mitigation efforts as part of a 24/7 global team
+ Investigate potential cybersecurity events across multiple environments using various tools and techniques
+ Support inquiries from compliance teams such as IT risk management and internal and external auditors to ensure documentation is complete and processes are in compliance with information security policies
+ Create reports analyzing activities or trends both within and outside of the organization
+ Perform threat hunting across the environment to attempt to detect any adversary activity
+ Support the development of security operations detections, playbooks, and automations to ensure threat detection, monitoring, response, and forensics activities align with best practices, minimize gaps in detection and response, and provide comprehensive mitigation of threats
+ Reviews internal logs and alerts to identify potential cybersecurity events. Triage cases based on output from automated alerts, and determine when to escalate to other teams
+ Monitors external service provider activity to detect potential cybersecurity events
+ Analyzes security data from all systems in real time to spot and thwart potential threats, attacks, and other violations
+ Analyzes compromised systems and remediates to a clean state
+ Performs breach indicator assessments to investigate network traffic for malicious activity
+ Assists with internal or third-party employee investigations
+ Assists in the production of various reports which identify and analyze relevant upcoming and ongoing threats to the enterprise
+ Researches evolving threats, techniques, tools, and vulnerabilities in support of information security efforts
+ Stays current with information security program developments, industry frameworks, changes in the company, industry trends, and current security practices
**Qualifications**
+ Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related discipline or equivalent work experience
+ 1 + years of experience working in the cybersecurity or related field
+ Relevant technical and industry certifications, such as those provided by GIAC, EC-Council, ISC2, and CompTIA are preferred
+ Experience in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, or Incident Response and Forensics preferred
+ Experience with information security risk management, including information security audits, reviews, and risk assessments
Desired Skills
+ Understanding of enterprise detection and response technologies and processes (advanced threat detection tools, intrusion detection/prevention systems, network packet analysis, endpoint detection and response, firewalls, Anti malware/anti-virus, Security Information and Event Management tools, etc.)
+ Ability to perform risk analysis utilizing logs and other information compiled from various sources
+ Understanding of network protocols, operating systems (Windows, Unix, Linux, databases), and mobile device security
+ Knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, or Incident Response and Forensics
+ Knowledge of cloud security, networks, databases, and applications
+ Knowledge of the various types of cyber-attacks and their implementations
+ A fundamental understanding of enterprise cybersecurity frameworks such as MITRE ATT&CK and Cyber Kill Chain
+ Ability to document and explain technical details in a concise, understandable manner
+ Experience in operational processes such as security monitoring, data correlation, troubleshooting, security operations, etc.
The typical base pay range for this role is between $80K - $109K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary ( will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Incident Response/Threat Hunter (Sr.)
Washington, DC (on-site)
Pay From: $70.00 per hour

MUST:
Experienced Incident Response/Sr Threat Hunter
Ability to obtain a Public Trust
Must be expert level in Splunk writing skills
Must demonstrate advanced use of Splunk features including data models, macros, lookups, and built-in functions
Current or very recent experience using Splunk specifically for non-IOC based threat hunting , not just alert triage, or dashboard usage
Must have developed multistep hunt algorithms
5 years of experience performing threat hunts & incident response activities for cloud-based and non-cloud-based environments, such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Zscaler
5 years of experience performing hypothesis-based threat hunt & incident response utilizing Splunk Enterprise Security.
5 years of experience collecting and analyzing data from compromised systems using EDR agents (e.g. CrowdStrike) and custom scripts (e.g. Sysmon & Auditd)
5 years of experience with the following threat hunting tools:
Microsoft Sentinel for threat hunting within Microsoft Azure;
Tenable Nessus and SYN/ACK for vulnerability management;
NetScout for analyzing network traffic flow;
SPUR.us enrichment of addresses
Mandiant Threat intel feeds

DUTIES:
Provide incident response services after an incident is declared and provides a service that proactively searches for security incidents that would not normally be detected through automated alerting.
The Threat Hunt mission is to explore datasets across the judicial fabric to identify unique anomalies that may be indicative of threat actor activity based on the assumption that the adversary is already present in the judicial fabric. The extended mission is to conduct counterintelligence, build threat actor dossiers, disrupt adversary operations, identify misconfigurations/ vulnerabilities, and identify visibility/detection gaps, if any. Human analytical thinking is imperative to the primary and extended missions as it is up to the threat hunter to find signs of an intrusion that have bypassed the automatic detection process that may already be in place.
Accept and respond to government technical requests through the AOUSC ITSM ticket (e.g., HEAT or Service Now), for threat hunt support. Threat hunt targets include cloud-based and non-cloud-based applications such as: Microsoft Azure, Microsoft O365, Microsoft Active Directory, and Cloud Access Security Brokers (i.e., Zscaler).
Review and analyze risk-based Security information and event management (SIEM) alerts when developing hunt hypotheses.
Review open-source intelligence about threat actors when developing hunt hypotheses.
Plan, conduct, and document iterative, hypothesis based, tactics, techniques, and procedures (TTP) hunts utilizing the agile scrum project management methodology.
At the conclusion of each hunt, propose, discuss, and document custom searches for automated detection of threat actor activity based on the hunt hypothesis.
Configure, deploy, and troubleshoot Endpoint Detection and Response agents (e.g., CrowdStrike and Sysmon).
Collect and analyze data from compromised systems using EDR agents and custom scripts provided by the AOUSC.
Track and document cyber defense incidents from initial detection through final resolution.
Interface with IT contacts at court or vendor to install or diagnose problems with EDR agents.
Participate in government led after action reviews of incidents.
Triage malware events to identify the root cause of specific activity.
Attend daily Agile Scrum standups and report progress on assigned Jira stories.

Quadrant is an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, or status as an individual with a disability.

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

As a Threat Detection and Response Engineer you will occupy a crucial position in our Security Operations center, with your primary focus centered on conceiving, refining and implementing use cases and strategies that intricately align with the global security frameworks. Your expertise with this framework and the cyber security kill chain will form the foundation where our defensive capabilities are fortified, ensuring the ability to not only identify and respond, but also impede cyber threats in a proactive manner.

Major Responsibilities

• Collaboration and Innovation: Work closely with cross-functional teams, including Threat Intelligence, Incident Response, Forensics and Security Operations to collaboratively craft custom security use cases founded on the principles of global security frameworks. Harnessing the collective intelligence to device strategies that yield valuable results.

• Draw upon your comprehensive understanding of the cyber landscape to design and execute advanced detection and response strategies, employing an array of sophisticated security tools and technologies. Your solutions will serve as the first line of defense, minimizing potential risks and vulnerabilities.

• Apply your extensive knowledge of attack patterns, tactics and techniques to conduct in-depth analysis of cyber threats. Unearth the subtle nuances that set apart malicious activities from innocuous ones, thus empowering the firm with a heightened security posture.

• In the ever-changing landscape of cyber threats, stat at the forefront of industry trends and emerging attack vectors. This ensures that the strategies you develop remain resilient and effective in the face of new challenges.

• Participate in red teaming and penetration testing exercises to subject the developed use cases to real-world simulation. By doing so, ensuring their robustness and effectiveness in diverse scenarios.

• Produce and report valuable metrics to leadership and cross functional teams to quantify the value and effectiveness of use cases in an ever-changing threat landscape.

Qualifications

• Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related discipline or equivalent work experience

• Preferred Certifications: CISSP, ISSMP, SANS, GSEC, GCFA, GNFA, GIAC and/or GCIH

• 5-8 years in Information Security or other Information Technology fields

• Experience working within the Financial Services Industry preferred

• Experience with use case and automation related to UEBA, SIEM, SOAR, DLP, EDR and other open-source security tools

• Knowledge of models/frameworks such as Cyber Kill Chain, MITRE and CRI (Cyber Risk Institute)

• Well-developed analytic, qualitative, and quantitative reasoning skills

• Demonstrated creative problem-solving abilities

• Security event monitoring, investigation, and overall incident response process

• Strong time management skills to balance multiple activities and lead junior analysts as needed

• Understanding of offensive security to include common attack methods

• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event

• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.

• In-depth knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics

• Experience creating trending, metrics, and management reports

• Experience across the following technical concentrations:

• Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)

• Anomaly Detection and Investigation

• Host and Network Forensics

• Operating Systems

• Web Applications and Traffic

• Experience with cloud computing security, network, operating system, database, application, and mobile device security.

• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.

The typical base pay range for this role is between $110K - $135K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

As a Threat Detection and Response Engineer you will occupy a crucial position in our Security Operations center, with your primary focus centered on conceiving, refining and implementing use cases and strategies that intricately align with the global security frameworks. Your expertise with this framework and the cyber security kill chain will form the foundation where our defensive capabilities are fortified, ensuring the ability to not only identify and respond, but also impede cyber threats in a proactive manner.

Major Responsibilities

• Collaboration and Innovation: Work closely with cross-functional teams, including Threat Intelligence, Incident Response, Forensics and Security Operations to collaboratively craft custom security use cases founded on the principles of global security frameworks. Harnessing the collective intelligence to device strategies that yield valuable results.

• Draw upon your comprehensive understanding of the cyber landscape to design and execute advanced detection and response strategies, employing an array of sophisticated security tools and technologies. Your solutions will serve as the first line of defense, minimizing potential risks and vulnerabilities.

• Apply your extensive knowledge of attack patterns, tactics and techniques to conduct in-depth analysis of cyber threats. Unearth the subtle nuances that set apart malicious activities from innocuous ones, thus empowering the firm with a heightened security posture.

• In the ever-changing landscape of cyber threats, stat at the forefront of industry trends and emerging attack vectors. This ensures that the strategies you develop remain resilient and effective in the face of new challenges.

• Participate in red teaming and penetration testing exercises to subject the developed use cases to real-world simulation. By doing so, ensuring their robustness and effectiveness in diverse scenarios.

• Produce and report valuable metrics to leadership and cross functional teams to quantify the value and effectiveness of use cases in an ever-changing threat landscape.

Qualifications

• Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related discipline or equivalent work experience

• Preferred Certifications: CISSP, ISSMP, SANS, GSEC, GCFA, GNFA, GIAC and/or GCIH

• 5-8 years in Information Security or other Information Technology fields

• Experience working within the Financial Services Industry preferred

• Experience with use case and automation related to UEBA, SIEM, SOAR, DLP, EDR and other open-source security tools

• Knowledge of models/frameworks such as Cyber Kill Chain, MITRE and CRI (Cyber Risk Institute)

• Well-developed analytic, qualitative, and quantitative reasoning skills

• Demonstrated creative problem-solving abilities

• Security event monitoring, investigation, and overall incident response process

• Strong time management skills to balance multiple activities and lead junior analysts as needed

• Understanding of offensive security to include common attack methods

• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event

• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.

• In-depth knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics

• Experience creating trending, metrics, and management reports

• Experience across the following technical concentrations:

• Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)

• Anomaly Detection and Investigation

• Host and Network Forensics

• Operating Systems

• Web Applications and Traffic

• Experience with cloud computing security, network, operating system, database, application, and mobile device security.

• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.

The typical base pay range for this role is between $110K - $135K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

As a Threat Detection and Response Engineer you will occupy a crucial position in our Security Operations center, with your primary focus centered on conceiving, refining and implementing use cases and strategies that intricately align with the global security frameworks. Your expertise with this framework and the cyber security kill chain will form the foundation where our defensive capabilities are fortified, ensuring the ability to not only identify and respond, but also impede cyber threats in a proactive manner.

Major Responsibilities

• Collaboration and Innovation: Work closely with cross-functional teams, including Threat Intelligence, Incident Response, Forensics and Security Operations to collaboratively craft custom security use cases founded on the principles of global security frameworks. Harnessing the collective intelligence to device strategies that yield valuable results.

• Draw upon your comprehensive understanding of the cyber landscape to design and execute advanced detection and response strategies, employing an array of sophisticated security tools and technologies. Your solutions will serve as the first line of defense, minimizing potential risks and vulnerabilities.

• Apply your extensive knowledge of attack patterns, tactics and techniques to conduct in-depth analysis of cyber threats. Unearth the subtle nuances that set apart malicious activities from innocuous ones, thus empowering the firm with a heightened security posture.

• In the ever-changing landscape of cyber threats, stat at the forefront of industry trends and emerging attack vectors. This ensures that the strategies you develop remain resilient and effective in the face of new challenges.

• Participate in red teaming and penetration testing exercises to subject the developed use cases to real-world simulation. By doing so, ensuring their robustness and effectiveness in diverse scenarios.

• Produce and report valuable metrics to leadership and cross functional teams to quantify the value and effectiveness of use cases in an ever-changing threat landscape.

Qualifications

• Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related discipline or equivalent work experience

• Preferred Certifications: CISSP, ISSMP, SANS, GSEC, GCFA, GNFA, GIAC and/or GCIH

• 5-8 years in Information Security or other Information Technology fields

• Experience working within the Financial Services Industry preferred

• Experience with use case and automation related to UEBA, SIEM, SOAR, DLP, EDR and other open-source security tools

• Knowledge of models/frameworks such as Cyber Kill Chain, MITRE and CRI (Cyber Risk Institute)

• Well-developed analytic, qualitative, and quantitative reasoning skills

• Demonstrated creative problem-solving abilities

• Security event monitoring, investigation, and overall incident response process

• Strong time management skills to balance multiple activities and lead junior analysts as needed

• Understanding of offensive security to include common attack methods

• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event

• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.

• In-depth knowledge in one or more security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics

• Experience creating trending, metrics, and management reports

• Experience across the following technical concentrations:

• Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)

• Anomaly Detection and Investigation

• Host and Network Forensics

• Operating Systems

• Web Applications and Traffic

• Experience with cloud computing security, network, operating system, database, application, and mobile device security.

• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.

The typical base pay range for this role is between $110K - $135K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute