Senior Vulnerability Configuration Specialist

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

Overview:   

Responsible for conducting detailed analysis of vulnerabilities and recommendations on remediation plans to ensure the integrity and resilience of organization's security and information systems. Serves as senior experienced vulnerability analyst by auditing analysis and reports, serving as an escalation point, and training newer/less-experienced analysts.

Primary Responsibilities:

• Refine testing methodologies for vulnerability scanning to provide comprehensive risk-based view of potential vulnerabilities and may lead implementation of new methodologies within team.
• Create configuration scanning plans that ensure compliance with internal policies and best practices; lead configuration scanning of most systems and networks and build remediation plan for identified vulnerabilities.
• Organize monitoring techniques to monitor database activities and performance and manage responses to detected issues with cross-functional team.
• Lead analysis of active and network vulnerability scans to identify potential exploits, misconfigurations, and attacks; partner with cross-functional team to execute remediation plans.
• In partnership with technology and risk, develop vulnerability management policies and standards and educate technology teams on how integrate into to developing, deploying, and monitoring infrastructure.
• Design infrastructure testing frameworks that ensure technology teams are developing and deploying infrastructure in alignment with policies and standards.
• Formulate and recommend advanced best practices to technology teams on how to improve or implement new security practices, tools, and techniques based on industry standards and latest vulnerabilities to protect the bank from vulnerabilities.
• Produce and interpret advanced reporting with recommendations for cybersecurity and technology leadership, including but not limited to audit reports identifying technical and procedural findings, common vulnerability score, and datasets for regulatory reporting.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• Partners with peers, manager, cybersecurity organization, technology teams, people leaders, and line of business teams
• Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met.
• Advanced knowledge of all vulnerability scanning and assessment tools
• Advanced understanding of multiple vulnerability scanning and assessment tools
• Subject matter expert understanding of industry best practices related to vulnerability and patch management.
• Trains analyst to advanced level knowledge of vulnerability scanning and assessment tools, and industry best practices.
• Second highest individual contributor escalation point in team

Manager Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience
• Excellent written and verbal communication skills
• Strong ability to effectively communicate technical information to both non-technical and technical stakeholders, including up to senior leadership in Cybersecurity.
• Experience effectively collaborating with leadership and with peers across the organization.
• Prior experience with and demonstrable aptitude for quickly learning new technical skills.

Education and Experience Preferred:

• Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), OffSec Certified Professional (OSCP), or Cybersecurity domain-related industry-recognized certification (DoD Level II)
• Demonstrated experience working in a highly regulated industry (e.g., finance, healthcare, government)
• Experience evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and contributing towards intelligence reporting.
• Proficient level of thinking critically and solving problems
• Intermediate understanding of advanced vulnerability concepts and practices, such as vulnerability management solutions, asset identification and management, and mitigation management
• Experience training analysts to ensure they have intermediate knowledge of and how to use security monitoring systems.

 #LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America