Senior Web Application Penetration Tester

About The Position

Requirements

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience.
• Intermediate working knowledge of penetration testing and red team tools to be able to simulate attacker tactics, techniques, and procedures
• Strong knowledge of networking and network protocols
• Intermediate working knowledge of operating systems and scripting and/or coding

Nice To Haves

• Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology
• Strong understanding of information security concepts (both technical and organizational requirements)
• Highly ethical and expected to maintain a level of professionalism at all times
• Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products
• Prior experience with and demonstrable aptitude for quickly learning new technical skills
• Experience training others to ensure they have basic knowledge of and ability to use function-specific tools and systems
• Ability to analyze and draw conclusions based on quantitative data from multiple sources
• Penetration testing-specific or Cybersecurity domain-related industry-recognized certification

Responsibilities

• Complete penetration testing (primarily Grey & White Box testing) of web applications, Application Programming Interfaces (APIs), hardware, and mobile.
• Define testing methods to meet the scope and goals of assigned penetration tests.
• Gather intelligence to better understand how target works and its potential vulnerabilities.
• Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
• Document and formally report testing initiative findings.
• Maintain tools and scripts used in penetration testing and red team processes.
• Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise or will leak information.
• Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities.
• Identify areas of opportunities in daily tasks to advance penetration testing skills and regularly learn new tactics, techniques, procedures to assess risk and implement and validate controls as necessary.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Benefits

• competitive benefits ranging from medical and retirement to forty hours of paid volunteer time, each year.