Lead Cybersecurity Engineer - Vulnerability

M&T Bank-posted 4 days ago
Full-time • Mid Level
Hybrid • Buffalo, NY
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

This role offers a hybrid work schedule providing the opportunity for in-person collaboration at our Seneca One Tech Hub in Buffalo, NY. At M&T Tech , we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking. We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks. We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better. Join us and be part of something new as we build tomorrow’s bank, today. Overview: We are seeking a highly skilled and experienced Lead Cybersecurity Engineer to join our dynamic cybersecurity team. In this role, you will be responsible for designing, implementing, and enhancing our cybersecurity vulnerability platforms and risk posture across our large-scale infrastructure, applications and systems. You will work closely with other security engineers, product teams, and IT professionals to ensure the resilience and integrity of our environment. The candidate will have strong technical expertise solving advanced complex problems or enhancements, a deep understanding of security frameworks, and a passion for protecting sensitive data from evolving threats, with a strong emphasis on vulnerability management, secure application testing, and automation. The ideal candidate will have extensive expertise in managing and deploying vulnerability scanning tools, including but not limited to Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), as well as a proven history of leading enterprise initiatives and mentoring junior engineers. Experience working in regulated environments is strongly preferred. The role also requires proficiency in scripting, programming, and automation to streamline security processes and improve efficiency.

  • Evaluate, design, implement, and manage vulnerability scanning tools and automated processes to streamline detection and response workflows
  • Lead integrations of vulnerability scanning tools into the software development & lifecycle process, through collaboration with DevSecOps, IT, infrastructure and security teams, to ensure vulnerability management processes align with security best practices and organizational goals
  • Design security systems or solutions with significant complexity and moderate risk, ensuring alignment with cybersecurity objectives and organizational needs.
  • Configure and develop controls for security systems with significant complexity, to fortify system defenses and optimize performance of technologies.
  • Lead testing efforts for systems and technology, coordinating with cross-functional teams and providing technical expertise in identifying and resolving issues.
  • Manage deployment of security solutions for complex systems or technology, ensuring smooth integration with existing infrastructure and minimal disruption.
  • Define and implement tuning methodologies for systems and technologies, using advanced analytical techniques to maximize efficiencies.
  • Develop and implement automation and orchestration for complex systems to streamline security operations and response activities.
  • Lead collaboration efforts with Cybersecurity and Technology teams to effectively implement and maintain security solutions for the organization.
  • Lead improvement initiatives within Cybersecurity team, implementing best practices and optimizing processes to enhance security capabilities.
  • Actively partner with vendor to optimize security products and/or drive resolution of complex support issues.
  • Assist leadership with vendor relationships by maintaining when licenses need to be renewed, informing when hardware needs to be refreshed or new technologies should be considered.
  • Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
  • Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
  • Identify risk-related issues needing escalation to management.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.
  • Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
  • In-depth knowledge and hands-on experience with vulnerability tools and technologies (e.g., Blackduck, Veracode, Qualsys, Rapid7, Checkmarx, Burp Suite, etc.)
  • Strong knowledge of DevSecOps practices and secure integration into CI/CD pipelines.
  • Proficiency in scripting and automation (e.g., Python, PowerShell, bash, Java, or similar).
  • Experience with container security and cloud security tools (e.g., Docker, Kubernetes, AWS, Azure).
  • Relevant certifications (e.g., CISSP, SSCP, CompTIA Security+, AWS Certified Security Specialty, Azure Security Engineer, or similar cybersecurity certifications) are a plus.
  • Experience with security frameworks (e.g., NIST, CIS, OWASP)
  • Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems design
  • Proven experience with the development and customization of tools utilized in assigned Cybersecurity function
  • Demonstrated ability to translate architecture into technical requirements
  • Proficient level of critical thinking and problem solving ability
  • Excellent communication and interpersonal skills
  • Experience partnering with leaders to design solutions to business needs.
  • Proficient persuasive communication skills to gain buy-in of others
  • Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources
  • Ability effectively serves in indirect leadership role
  • Competitive compensation
  • Health, welfare, and retirement benefits
  • 401(k) match at 5%
  • Work-life balance and flexible work arrangements
  • Banking Officers start with 25 days PTO plus 12 paid holidays
  • 40 hours paid volunteer hours per year
  • Much more.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cybersecurity Engineer Resume Examples
Cybersecurity Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service