Senior Cybersecurity Engineer - Vulnerability

This role offers a hybrid work schedule; offering the flexibility to work from home two days a week, while providing the opportunity for in-person collaboration. At M&T Tech, we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking.  We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks.  We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better.  Join us and be part of something new as we build tomorrow’s bank, today.Overview:   We are seeking a skilled and experienced Senior Cybersecurity Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for designing, implementing, and enhancing our cybersecurity vulnerability platforms and risk posture across our large-scale infrastructure, applications and systems. You will work closely with other security engineers, product teams, and IT professionals to ensure the resilience and integrity of our environment. The candidate will have strong technical expertise solving moderate to complex problems or enhancements, an understanding of security frameworks, and a passion for protecting sensitive data from evolving threats, with an emphasis on vulnerability management, secure application testing, and automation.The ideal candidate will have moderate experience in managing and deploying vulnerability scanning tools Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Experience working in regulated environments is strongly preferred. The role also requires knowledge of scripting and automation to streamline security processes and improve efficiency.Primary Responsibilities:

• Deploy, monitor and maintain vulnerability scanning tools and automated processes to streamline detection and response workflows
• Configure vulnerability scanning tools in the software development & lifecycle process, through collaboration with DevSecOps, IT, infrastructure and security teams, to ensure vulnerability management processes align with security best practices and organizational goals
• Design components of security solutions with significant complexity and moderate risk, ensuring alignment with cybersecurity objectives and organizational needs
• Configure and develop controls for security tools or systems to fortify system defenses.
• Design and execute testing of systems and technology thoroughly in coordination with cross-functional teams to ensure reliability and effectiveness of security measures.
• Deploy security systems and code, ensuring seamless integration into existing infrastructure while minimizing disruptions.
• Continuously monitor and tune security systems to enhance efficiency and effectiveness in mitigating and detecting threats.
• Develop and implement automated installation, configuration, and processes to streamline security operations and response activities.
• Partner with Cybersecurity and Technology teams on security solutions implementations and maintenance
• Proactively recommend process enhancements and implements prioritized improvements within Cybersecurity team.
• Engage with vendor for routine security products or solutions support.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• Designs and implements secure systems, technologies, policies and procedures to protect against cybersecurity threats and malicious activities.  Architects, maintains, and optimizes the tools and capabilities leveraged by cyber security to achieve organizational objectives.

• Partners primarily with individual contributors and leaders within Cybersecurity and Technology, and occasionally senior leaders within Cybersecurity.
• Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met.
• Proficient ability to use multiple Cybersecurity tools, specific to function.
• Stays updated with the latest vulnerability management technologies, continuously monitoring and researching emerging threats and vulnerabilities in the cybersecurity landscape. Update security processes and tools accordingly to address new risks.

Manager Responsibilities: No supervisory responsibilities.Education and Experience Required:

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience
• Knowledge and experience with vulnerability tools and technologies (e.g., Blackduck, Veracode, Qualsys, Rapid7, Checkmarx, Burp Suite, etc.)
• Understanding of DevSecOps practices and secure integration into CI/CD pipelines.

Education and Experience Preferred:

• Experience in scripting and automation (e.g., Python, PowerShell, bash, Java, or similar).
• Understanding of container security and cloud security tools (e.g., Docker, Kubernetes, AWS, Azure).
• Relevant certifications (e.g., CISSP, SSCP, CompTIA Security+, AWS Certified Security Specialty, Azure Security Engineer, or similar cybersecurity certifications) are a plus.
• Understanding of security frameworks (e.g., NIST, CIS, OWASP)
• Intermediate understanding of the security system development and infrastructure lifecycle and architecture, and systems design
• Proven experience with the tools utilized in assigned Cybersecurity function
• Experience translating architecture into technical requirements.
• Proficient level of critical thinking and problem solving
• Excellent written and verbal communication skills
• Proven experience collaborating with leaders to execute results.
• Prior experience seeking buy-in of others to align on processes.
• Ability to analyze and draw conclusions based on quantitative data from multiple sources.

We support our team members with generous benefits. 

• Competitive compensation 
• Health, welfare, and retirement benefits 
• 401(k) match at 5% 
• Work-life balance and flexible work arrangements 
• Banking Officers start with 25 days PTO plus 12 paid holidays  
• 40 hours paid volunteer hours per year 
• Much more. For details, see: M&T Benefits Overview 

About M&TM&T Bank is a Top 20 US bank holding company and one of the best performing and financial stable regional banks in the country, we offer our technology employees a wide range of performance-based career development opportunities. We have a strong commitment to our customers and the communities we serve, and we continue to grow with a focus on the future. So, when looking to advance your career, look to M&T. Grow with us.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America