MUFG Investor Services
DevSecOps Engineer

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
About MUFG Investor Services
MUFG Investor Services is a trusted partner to many of the world’s largest public and private funds, providing asset servicing and operational solutions built for alternatives. With over $1 trillion in client assets under administration, we offer fund administration, banking, payments, fund financing, foreign exchange overlay, corporate and regulatory services, custody, business consulting, and more.
Operating from 17 locations worldwide, we help clients mitigate risk, enhance efficiency, and navigate the operational complexities of today’s investment management landscape. As a division of Mitsubishi UFJ Financial Group (MUFG), one of the world’s largest financial institutions with approximately $3 trillion in assets, we combine deep expertise with the strength and stability of a leading financial institution. To learn more, visit us at www.mufg-investorservices.com.
Job Description
We are seeking a proactive and collaborative Application Security Engineer who speaks the language of developers, thrives in the purple team space and is an automation advocate. The successful candidate will work closely with engineering & IT teams to enhance the security of our applications, APIs and infrastructure by implementing preventative controls and identifying risks through security testing.
You Will:
- Act as a security champion to foster the secure by design approach across the business.
- Support the identification and analysis of web application security vulnerabilities across the business to reduce risk.
- Oversee daily management of application security platforms to maintain comprehensive coverage, ensure compliance and remediation of findings.
- Conduct threat modelling and review application architectures to identify potential risks early in the SDLC.
- Implement application security controls and proactive measures to prevent security incidents.
- Implement and manage SAST/SCA tooling across our application repositories to identify source code risks.
- Scale automated DAST solutions across our applications to maximize testing coverage and provide visibility into runtime security posture.
- Provide security guidance and remediation advice to engineers where applicable.
- Carry out penetration testing on internally developed applications to identify security defects.
- Review and assess the security of third-party vendor applications through configuration and hardening reviews.
- Validate remediation of security issues by the development team and 3rd parties.
- Coordinate and arrange external penetration testing assessments to independently evaluate the security of our applications.
- Build and maintain effective collaboration with development and IT teams.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Qualifications
You Have:
- Experienced in application security focusing on red, blue or purple team activities.
- Experienced in software development or experience contributing to Open-Source projects.
- Experienced with DAST tools such as Burp Suite, OWASP Zap or similar.
- Experience with SAST/SCA tools such as Snyk, Veracode, Checkmarx or similar.
- Proficient in one or more of the following languages - Python, JavaScript, .NET or Java.
- Well-versed in analysis of open source and third-party library vulnerabilities.
- Well-rounded knowledge of the Software Development Life Cycle (SDLC) and agile methodologies.
- Hold a strong understanding and experience testing of both REST and GraphQL APIs.
- Demonstrated experience with development tools including GitLab/GitHub, Datadog, Jira, Docker, and various IDEs.
- Previously worked very closely with development and DevOps teams to resolve security issues.
- Have performed security-focused code reviews to identify code level issues.
- Experience in creating custom security tooling or scripts.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Preferred
- Experience in the financial sector or another heavily audited industry.
- Experience with cloud services, particularly AWS services like WAF, Cognito etc.
- Experience working with Infrastructure as Code, Kubernetes and Containers.
- Experience with auth mechanisms like Open ID Connect, OAuth and identity providers.
- Experience in creating custom CI/CD pipeline jobs to carry out security related reviews or scans.
Additional Information
What’s in it for you to join MUFG Investor Services?
Take a look at our careers site and you’ll find everything you’d expect from a career with the fastest-growing business at one of the world’s largest financial groups. Now take another look. Because it’s how we defy expectations that really defines us. You’ll feel that difference in all kinds of ways. Our vibrant CULTURE. Connected team. Love of innovation, laser client focus, and next-level LEARNING & DEVELOPMENT.
So, why settle for the ordinary? Apply now for a Brilliantly Different career.
We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted.
We are an equal opportunity employer.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location