M&T Bankposted about 2 months ago
$93,581 - $155,968/Yr
Full-time - Mid Level
Buffalo, NY
About the position
This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub. Responsible for capturing and refining information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. Provides advanced working guidance to technology teams and leadership in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed.
Responsibilities
- Develop and implement engineering’s technical security policies and procedures, and performance of security measures.
- Scan and test applications for potential vulnerabilities and non-compliance with security standards.
- Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code.
- Integrate security tools and processes into the software development and operations (DevOps) pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process.
- Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices.
- Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure.
- Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings.
- Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities.
- Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures.
- Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
- Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
- Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
Requirements
- Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years software development or application security.
- Prior experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite.
- Intermediate understanding of the Software Development Life Cycle (SDLC).
- Ability to train technologist and people leaders at various levels on secure application development, both in person and virtually.
- Excellent communication and interpersonal skills.
Nice-to-haves
- Intermediate experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite.
- Understanding of common software weaknesses that impact cloud and web applications, beyond the Open Worldwide Application Security Project (OWASP) Top 10.
- Demonstrable experience developing and maintaining automation for application security tasks and defect identification.
- Experience developing enterprise applications.
- Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments.
- Certifications in the area of Application Security.
- Proficient persuasive communication skills to gain buy-in of others in cybersecurity and technology teams.
- Ability to create an effective learning environment that allows for maximum learner results.
- Must be comfortable with providing 1-1 coaching for all levels of individual contributors and up to SVP management.
- Ability to build and maintain effective relationships within and across multiple technical teams.
- Prior experience utilizing continuous integration and continuous deployment (CI/CD) pipeline instrumentation.
- Highly proficient at coding with one or two programming languages.
- Highly proficient with Agile development methodologies and version control systems.
- Experience defining and reviewing software security features and capabilities.
Benefits
- Medical benefits
- Retirement benefits
- Forty hours of paid volunteer time each year
- Competitive pay
- Diversity and inclusion initiatives
- Professional development opportunities
Hard Skills
Application Security
2
Application Data
1
CI/CD
1
Continuous Deployment
1
Product Security
1
7G6fcg2Oi nJym JI7gj4ylvqV3
0
7cEzXF t5wR3Zz8
0
9yUk2s8qfJI5 zNi6sjQ7E
0
ANrtT6GCQ tq5zKi
0
HeypWmKnO9Nc Oc0Cwadl3r
0
HkB39v8CX Ejnu5IMmD
0
N9I1nZxUAhi5 gCfQvzmyRF9
0
NosDuzUyY ivwHo0PZr
0
OR8cdHDo puZm3VYk086Q
0
QUi2VGPLd YCVgLO5jF
0
RdIM7nyc6vjX etEAFSWqZU
0
TSnN5H6zYPZ QKdSCkfTLmPyRG
0
WTrmeXRPi B5i6aOlFxMX4
0
Wfldb8v YcUbvRoahO
0
XJpOPz5GDlg3 syT8funQq
0
XTeWA1c2Kvb6 IQka012NU
0
aMDXu tBbdNkYSxUy
0
bjQYw2VK 8LG7FOSQ
0
bnGYwsd6FSEl DRxWHCK95 C4eOdnuK
0
bzklh BxEToad2mywC
0
cDEFkS6muGtY PgNtWKJd
0
dnjEQ3A Mm8dxaA
0
hpcd6gRUJ lbEf0mSqB
0
l5Ia9h1R0 MCmHxouQj
0
p4LE6DG NsBxV3OJWKf
0
qnvaM4Do0iSf oIPecxrWC
0
rJlwSoZCgAKs qamMj9EeO
0
s7hxCXEIQciW vCW0zjaSi
0
sz4OE t3ihWfeQM
0
t96IiWfd8z4j Od3BCs1FL
0
uwIUOnr2 oCAy065bP
0
wC3cSDPrj cSF46sPqH8Wu
0
wml8JHMR 8Np2Pe9Zh
0
wvQz4qe pEGR 4ITkd7QjVxA
0
xfIsDrz3Epqm 276RpzTVk yKxaCGMw
0
yI39icPGXtq7 aWnOQS4s X27HRZTk9
0
A Smarter and Faster Way to Build Your Resume