SMBC Group
Senior Application Security Engineer Vice President
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About SMBC Group
SMBC Group, or Sumitomo Mitsui Financial Group, is a leading Japanese multinational financial services holding company and the second largest megabank in Japan, with around $2 trillion in total assets as of March 2023. Headquartered in Tokyo, the group operates in over 40 countries and ranks as the 12th largest bank globally by total assets. The company offers a wide range of financial services, including retail banking, corporate banking, investment banking, and consumer finance. Its retail banking services cater to individual customers with deposit accounts, loans, and digital banking solutions. For businesses, SMBC provides financing, advisory, and cash management services. The investment banking segment includes capital markets and securities underwriting, where SMBC is recognized as a global leader. The group also emphasizes innovation, utilizing advanced technologies like AI for customer service and security enhancements in its banking products.
Security at SMBC Group
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- SMBC Group views cybersecurity risks as a top management concern.
- They have established a Group CISO position and employ over 700 cybersecurity professionals.
- The group regularly conducts vulnerability diagnostics and threat-based penetration testing.
- A 'security by design' philosophy is also applied for IT system planning staff.
Security Team
- Daisuke Shirai is the named Group CISO.
- Taiju Aoki is the president of SMBC CyberFront Co., Ltd., an SMBC Group subsidiary, whose mission is to connect the opinions of management and IT personnel.
- The SMBC Group has over 700 cybersecurity professionals.
- An external job posting for an Application Security Engineer highlights responsibilities focused on working closely with the development community.
- The SMBC Group careers site also lists multiple security and enterprise security roles.
Key Initiatives
- SMBC Group's initiatives include regular vulnerability diagnostics and penetration testing.
- They also utilize ASM (Attack Surface Management) tools for customer advisory work through their subsidiary.
- A SOC (Security Operations Center) and a CSIRT (Computer Security Incident Response Team) have been established.
- However, public information regarding explicit AppSec team structure, security champions programs, specific SAST/SCA/DAST/secret-detection tool names, ticketing SLAs/MTTR for remediation, shift-left CI/IDE integrations, or enterprise GenAI/code-assistant usage is not available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.