Job Information
M&T Bank Cybersecurity Senior Penetration Tester in Buffalo, New York
The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.
About M&T Bank
At M&T Tech, we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking. We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks. We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better. Join us and be part of something new as we build tomorrow’s bank, today.
Overview:
Responsible for searching for application and system weaknesses that are exploitable, and partners with Technology, Cybersecurity, and Risk teams to remediate any found weaknesses. Partners with technology leaders to train engineering and Infrastructure teams to develop new applications and systems securely to ensure weaknesses are removed prior to implementation or deploying software.
Primary Responsibilities:
Perform penetration testing (Black, Grey & White Box testing) for web applications, APIs, hardware, mobile, networks (internal & external), and cloud environments.
Design penetration tests, including scope, goals & methods.
Use advanced tactics, techniques, and procedures to gather intelligence
Generate reports on assessment findings and summarizes to facilitate remediation, document technical issues identified during security assessments
Develop and maintain tools and scripts used in penetration testing and red team processes
Build relationships with Cybersecurity and Technology teams to ensure technology applications and services are not at risk of compromise or will leak information
Partner with Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities
Proactively recommend process enhancements to penetration testing tactics, techniques, and procedures, and implements prioritized improvements within Cybersecurity team
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Scope of Responsibilities:
Regular interaction with middle management and associated staff within Internal Audit, Compliance, Risk Management, and Technology. Position also requires occasional interaction with the Chief Information Security Officer.
Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.
Advanced knowledge of penetration testing and red team tools
Advanced knowledge of networking and network protocols
Intermediateworking knowledge of operating systems and scripting and/or coding
The position provides guidance and mentoring to less experienced team members.
Education and Experience Required:
Associate’s degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 7 year relevant work experience
Excellent knowledge of Cybersecurity principles relevant to confidentiality, integrity, availability, authentication and non-repudiation
Proven ability facilitating targeted discussions with peers, line managers and senior management within business unit
Experience conducting research and evaluating information for reliability, validity, objectivity and relevance
Excellent ability communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means
Experience conducting information searches
Excellent ability to discern protection needs (i.e., security controls) of information systems and networks
Proven ability to design and develop effective risk management processes (e.g., methods for assessing and mitigating risk)
Experience recognizing vulnerabilities in security systems
Excellent ability designing valid and reliable assessments
Experience conducting knowledge mapping
Experience anticipating new security threats
Education and Experience Preferred:
Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology
Extensive understanding of information security concepts (both technical and organizational requirements)
Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products
Excellent ability to strategically learn new technical skills, and apply broadly across systems, tools, and processes
Experience training penetration tester to ensure they have intermediate knowledge of penetration testing and red team concepts, tools, and ability to simulate attacker tactics, techniques, and procedures
CEH (Certified Ethical Hacker), PenTest+, OSCP(OffSec Certified Professional), GWAPT (GIAC Web Application Penetration Tester), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), or other PenTesting-specific or Cybersecurity domain-related industry-recognized certification
#LI-JB3 #Hybrid
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $97,869.52 - $163,115.87 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Location:
Buffalo, New York, United States of America
M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.