M&T BankMB

Lead Application Security Engineer

M&T Bank Corporation is a community-focused financial institution offering a range of banking and investment services across the Eastern United States.

M&T Bank

Employee count: 1001-5000

Salary: 111k-184k USD

United States only

Overview:

As the Lead Product Security Engineer at M&T Bank, you will support and participate in the building and implementation of software security controls in all stages of the product development life cycle. This role will offer you the opportunity to be involved with a wide range of responsibilities in transforming the software security culture and technologies. We are looking for a highly motivated, talented, and hands-on engineer who will be responsible for identifying and mitigating software vulnerabilities through code reviews, security assessments, threat modeling, and providing secure coding guidance to software engineers. This role is integral to our technology transformation journey, ensuring the security posture of our bank-wide infrastructure and products.

This role is based in Buffalo, New York with hybrid work model of 3 days per week in the office.

Primary Responsibilities:

  • Collaborate with cross-functional teams to integrate security measures into the software development process including conducting code reviews, secure code guidance, threat modeling

  • Stay up to date on emerging threats and vulnerabilities, and proactively recommend security enhancements.

  • Partner with engineering teams and provide guidance and support to developers on secure coding practices and security best practices.

  • Mentor product security engineers and DevSecOps professionals to ensure a strong security posture across all software development and deployments.

  • Assist in the development of software security processes, configuration of tools, and management of solutions to tactically address software security vulnerabilities.

  • Build and support high quality security documentation for product security best practices.

  • Utilize product security scanning tools to track, analyze, and manage vulnerabilities.

  • Develop analytics to evaluate and enhance the effectiveness of the vulnerability management program including, tools, technologies, policies.

  • Communicate effectively with all levels of organizational leadership, conveying complex technical concepts in a clear and concise manner.

Education and Experience Required:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or applicable discipline and a minimum of 5 years of relevant work experience.

• Demonstrable experience developing and maintaining automation for product security tasks and defect identification.

• Advanced knowledge with industry standards and frameworks such as OWASP, ISO 27001, GDPR, PCI DSS, and NIST.

• Advanced experience with security testing tools and techniques and fixing vulnerabilities.

• Strong background in cybersecurity, manual code review, static/dynamic code analysis, threat modeling, bug bounty research and vulnerability management. • Experience with at least 2-3 of the following programming languages – Java, C#, JavaScript, Python, PHP, Ruby, Scala.

• Hands-on experience with product security tools and exploit tools and methods.

• Hands-on experience with product security testing tools such as SAST, DAST, IAST, SCA, and SBOM as well as experience with DevOps technologies such as CI/CD pipelines, repos, etc.

• Excellent communication and leadership skills.

• Capable of working on multiple projects of a complex nature

• Excellent problem-solving skills to assist in issue resolution.

• Detail-oriented with excellent verbal and written communication skills, with prior experience presenting to the target audience.

• Excellent organizational, teamwork, and time management skills

• Strong vertical thinking skills.

• Experience recommending and implementing security solutions.

• Experience driving project milestones and delivery dates.

• Proven mentoring and leadership capabilities.

Education and Experience Preferred:

• Cyber security certifications in the domain of product security or penetration testing (such as GWAPT, GCPEN, OSCP, CSSLP, CCSP).

• Proven experience in software development including architecture review & secure coding.

• Familiarity with mobile security testing.

• Strong understanding of mainframe, web productarchitectures, security protocols, and encryption.

• Familiarity with cloud security principles and practices.

• Experience running a bug bounty program.

• Knowledge of Cloud platforms such as AWS, GCP, Azure, Oracle.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.

Location

Clanton, Alabama, United States of America

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Senior
Manager

Salary

Salary: 111k-184k USD

Location requirements

Hiring timezones

United States +/- 0 hours

About M&T Bank

Learn more about M&T Bank and their company culture.

View company profile

M&T Bank Corporation, headquartered in Buffalo, New York, is a leading community bank that has been serving individuals and businesses since its establishment in 1856. The bank offers a wide variety of financial services including retail banking, commercial banking, investment banking, and wealth management services. M&T Bank prides itself on its community-focused approach, understanding the needs of its neighbors, and fostering long-lasting relationships with its customers.

With over 1,000 branches across 12 states, M&T Bank is committed to helping customers achieve their financial goals through innovative banking solutions, mortgages, loans, and investment services. The company's mission is not only to provide robust financial products but also to invest back into the communities it serves. By offering community lending programs and financial education, M&T Bank aims to promote financial literacy and empowerment.

Claim this profileM&T Bank logoMB

M&T Bank

View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

38 remote jobs at M&T Bank

Explore the variety of open remote roles at M&T Bank, offering flexible work options across multiple disciplines and skill levels.

View all jobs at M&T Bank

Remote companies like M&T Bank

Find your next opportunity by exploring profiles of companies that are similar to M&T Bank. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 85,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan