Senior Penetration Tester – Offensive Security

About the position

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Wilmington, DE Tech Hub. The position involves searching for application weaknesses that are exploitable and partnering with technology, cybersecurity, and risk teams to remediate any found weaknesses. The role requires collaboration with technology teams when implementing new applications to help identify weaknesses before an attacker does.

Responsibilities

• Complete penetration testing (primarily Grey & White Box testing) of web applications, Application Programming Interfaces (APIs), hardware, and mobile.
• Define testing methods to meet the scope and goals of assigned penetration tests.
• Gather intelligence to better understand how target works and its potential vulnerabilities.
• Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
• Document and formally report testing initiative findings.
• Maintain tools and scripts used in penetration testing and red team processes.
• Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise or will leak information.
• Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities.
• Identify areas of opportunities in daily tasks to advance penetration testing skills and regularly learn new tactics, techniques, procedures to assess risk and implement and validate controls as necessary.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Requirements

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience.
• Intermediate working knowledge of penetration testing and red team tools to be able to simulate attacker tactics, techniques, and procedures.
• Strong knowledge of networking and network protocols.
• Intermediate working knowledge of operating systems and scripting and/or coding.

Nice-to-haves

• Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology.
• Strong understanding of information security concepts (both technical and organizational requirements).
• Highly ethical and expected to maintain a level of professionalism at all times.
• Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
• Prior experience with and demonstrable aptitude for quickly learning new technical skills.
• Experience training others to ensure they have basic knowledge of and ability to use function-specific tools and systems.
• Ability to analyze and draw conclusions based on quantitative data from multiple sources.
• Penetration testing-specific or Cybersecurity domain-related industry-recognized certification.

Benefits

• Competitive benefits ranging from medical and retirement to forty hours of paid volunteer time each year.