This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.
Overview: Responsible for conducting detailed analysis of most complex vulnerabilities and recommendations on advanced remediation plans to ensure the integrity and resilience of organization's security and information systems. Serves as most experienced vulnerability analyst by auditing analysis and reports, serving as an escalation point, and training newer/less-experienced analysts.
Primary Responsibilities:- Develop and refine testing methodologies for vulnerability scanning to provide comprehensive risk-based view of potential complex vulnerabilities, and lead implementation of new methodologies within team.
- Develop configuration scanning strategies that ensure compliance with internal policies and best practices and aligned with industry standards; lead configuration scanning of most complex systems and networks and build remediation plan for identified vulnerabilities.
- Identify advanced monitoring techniques to monitor database activities and performance and manage responses to detected issues in partnership with appropriate teams.
- Lead in-depth analysis of complex active and network vulnerability scans to identify potential exploits, misconfigurations, and attacks; partner with appropriate teams to execute remediation plans.
- In partnership with technology and risk, develop vulnerability management policies and standards and educate technology teams on how integrate into to developing, deploying, and monitoring infrastructure.
- Design and direct complex infrastructure testing frameworks to ensure technology teams are developing and deploying infrastructure in alignment with policies and standards.
- Formulate and recommend advanced best practices to technology teams on how to improve or implement new security practices, tools, and techniques based on industry standards and latest vulnerabilities to protect the bank from vulnerabilities.
- Produce and interpret complex reporting with recommendations for cybersecurity and technology senior leadership, including but not limited to audit reports identifying technical and procedural findings, common vulnerability score, and datasets for regulatory reporting.
- Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
Scope of Responsibilities:- Partner with peers, manager, cybersecurity organization, technology teams, senior people leaders, and line of business senior leaders
- Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.
- Advanced knowledge of all vulnerability scanning and assessment tools
- Subject matter expert understanding of multiple vulnerability scanning and assessment tools.
- Subject matter expert understanding of industry best practices related to vulnerability and patch management.
- Trains analyst to subject matter expert level knowledge of vulnerability scanning and assessment tools, and industry best practices.
- Highest individual contributor escalation point in team
Manager Responsibilities: No supervisory responsibilities.
Education and Experience Required:- Bachelor's degree and a minimum of 5 years' relevant work experience, or in lieu of a degree, a combined minimum of 9 years' higher education and/or work experience
- Excellent communication and interpersonal skills
- Proven experience effectively communicating technical information to both non-technical and technical stakeholders, including up to senior leadership in Cybersecurity and Technology
- Experience effectively collaborating with leadership and with business partners across the organization.
- Proven experience with and demonstrable aptitude for quickly learning new technical skills
Education and Experience Preferred: - Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), OffSec Certified Professional (OSCP), or Cybersecurity domain-related industry-recognized certification (DoD Level III)
- Demonstrated experience working in a highly regulated industry (e.g., finance, healthcare, government)
- Proven experience evaluating, analyzing, and synthesizing complex quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and contributing towards intelligence reporting.
- Proficient level of thinking critically and able to lead problem solving.
- Advanced understanding of advanced vulnerability concepts and practices, such as vulnerability management solutions, asset identification and management, and mitigation management
- Experience training analysts to ensure they have advance knowledge of and how to use security monitoring systems.
#LI-JB3
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.
LocationBuffalo, New York, United States of America
