Sumitomo Mitsui Banking Corporation

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $97,000.00 and $154,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

As a Cyber Security Analyst - Threat Researcher, you will be a key part of a high performing Cyber Threat Intelligence program with a desire to continually improve and advance capabilities that protect SMBC Group. A qualified applicant will have demonstrated experience researching cyber threats and vulnerabilities to develop and maintain attack flow models as part of the threat modeling process.

This role plays a key part in advancing our understanding of adversary tactics, techniques, and procedures (TTPs) by transforming threat intelligence into visual attack flow models that drive proactive defense strategies. It involves close collaboration with stakeholders to communicate cybersecurity risks and advocate for secure technologies and practices. This is an excellent opportunity for a developing cybersecurity professional to apply threat-informed defense in a complex enterprise environment, address real-world challenges, and strengthen SMBC Group resilience against evolving threats.

Role Objectives: Delivery

Key Responsibilities:

Successful candidates will require a blend of technical, analytical, and communication skills. You must be able to demonstrate a comprehensive understanding of cyber security best practices and clearly communicate knowledge of vulnerability exploitation lifecycles and network security concepts. You will be required to work as part of a team but capable of performing independant threat research to identify threat opportunity, security gaps, and key areas for improvement to mitigate potential cybersecurity related risks. You will be required to convey output of all threat research and analysis through the production of intelligence reports, briefings, and visual attack path diagrams in a clear, actionable format. Specific areas of responsibilties include:

Threat Research & Analysis:

• Conduct deep-dive research into threat actors, malware families, vulnerabilities, exploits, and campaigns to identify attack patterns and extract adversary tactics, techniques, and procedures (TTPs).
• Analyze threat intelligence from open-source, commercial, and internal telemetry to identify relevant attack patterns and enrich threat models
• Stay current with evolving threat landscape and industry best practices to identify emerging threats to the financial services sector.

Attack Flow Modeling:

• Design and maintain attack flow models that visually represent adversary behaviors across the cyber kill chain.
• Use frameworks such as MITRE ATT&CK, Diamond Model, and Cyber Kill Chain to structure flows that map TTPs to real-world attack scenarios.
• Simulate adversary behaviors against financial systems (e.g., SWIFT, ACH, card processing platforms) to identify detection and mitigation gaps.
• Build attack flow models that support detection logic, vulnerability identification, threat hunting, and red team simulations.

Tooling & Automation:

• Use threat intelligence platforms (TIPs), SIEMs, to automate data collection and analysis.
• Leverage threat modeling tools such as ATT&CK Navigator, or custom graphing tools to create and manage attack flows.
• Develop scripts or workflows to automate the generation and updating of attack flow diagrams based on new intelligence.

Reporting & Communication:

• Produce clear, actionable intelligence reports and visualizations for both technical and executive audiences.
• Present attack flow models in threat briefings, tabletop exercises, and strategic planning sessions.

Collaboration & Integration:

• Work closely with SOC analysts, security testing, cyber resiliance, and threat modeling pesonnel to validate and operationalize attack flows.
• Communicate and integrate understanding of attack flow models into threat detection logic for security engineering, SIEMs, and other security orchestration tools.
• Recommend improvements to threat modeling methodologies and threat intelligence workflows.

Qualifications and Skills

Required Qualifications:

• 3+ years of dedicated experience in cyber threat intelligence, threat research, or a threat hunting role within a SOC or information security program.
• Strong understanding of adversary TTPs and threat modeling frameworks (MITRE ATT&CK, Diamond Model, etc.).
• Ability to analyze large datasets, multi-task, and effectively prioritize tasks.
• Conduct attack surface risk modeling and articulate high-risk areas to stakeholders.
• Experience building visual attack flows or kill chain diagrams using industry tools.
• Excellent research, analytical, visualization, and communication skills.

Preferred Qualifications:

• Bachelor of Information Technology, Computer Science, or similar preferable
• Practical, hands-on threat modeling experience using frameworks such as STRIDE, attack trees, and OWASP methodologies.
• Familiarity with graph databases or visualization libraries (e.g., Neo4j, Graphviz, D3.js).
• Experience in a financial institution, FinTech, or other industry with regulatory environment.
• Familiarity with financial regulations and compliance frameworks (e.g., FFIEC, GLBA, PCI-DSS).
• Certifications such as GCTI, CTIA, CEH, or MITRE ATT&CK Cyber Threat Intelligence Certification.
• Proficiency in scripting languages such as KQL and Python for data parsing, enrichment, and automation of threat intelligence workflows.

Additional Requirements

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.