About Us:
M&T Bank is the 10th largest US national bank with a strong commitment to technological advancement and ensuring the utmost security for our customers' financial assets. As part of our ongoing technology transformation, we are modernizing our entire vulnerability management program to fortify our defenses against emerging cyber threats. We are seeking a dynamic and visionary player/coach to help spearhead our Attack Surface Management strategy and drive impactful outcomes across the bank.
Role Overview:
As the Principal Engineer - Cyber Attack Surface Management at M&T Bank, you will play a pivotal role in leading the operations, growth, and enhancement of our threat intelligence, vulnerability management and application security domains. This role is integral to our technology transformation journey, ensuring the security posture of our bank-wide infrastructure and applications.
Key Responsibilities:
Serve as the subject matter expert on the broader threat landscape within the banking industry, collaborating with internal and external partners to identify emerging trends and potential risks.
Serve as our SME on Attack Surface Management, review full attack surface and perimeters and provide solutions to areas of need accordingly.
Champion the importance of Attack Surface Management throughout the organization, providing actionable insights and recommendations to drive continuous improvement in our security posture.
Ensure the continuous operation of core capabilities including threat identification and monitoring, vulnerability lifecycle management, critical vulnerability triage, risk reporting, and consultation on mitigation techniques relevant to M&T Bank.
Mentor top technical talent, fostering a culture of innovation and excellence within the Attack Surface Management team.
Minimum Required Qualification
Bachelor’s degree and a minimum of 9 years’ cybersecurity domain experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience, including a minimum of 9 years’ cybersecurity experience.
Minimum of 9 years of experience in the cybersecurity domain, with a deep understanding of attacker tactics, techniques, and procedures specific to the financial sector.
Proficiency in understanding a comprehensive array of security tools including intrusion detection systems, firewalls, SIEM, EDR, web proxies, and network scanning technologies.
Understanding of new and modern Attack Surface Management tools and practices, third-party vendors in this space, and advancements in AI/ML and LLM technologies.
Strong familiarity with frameworks such as MITRE ATT&CK, Cyber Kill Chain, IoC ingestion, network penetration testing techniques, red teaming, and reverse engineering.
Experience with compliance standards such as PCI, GLBA, HIPAA, ISO, and NIST, ensuring adherence to regulatory requirements in the financial industry.
Experience in Application Security and DevSecOps practices, including familiarity with dependency scanning, CI/CD pipeline tools, and source code analysis tools.
Proven track record of collaborating across Information Security, GRC, and Engineering disciplines to improve vulnerability management architecture and integrate with existing processes and tooling.
Outstanding written and verbal communication skills, with the ability to influence and communicate effectively at all levels of the organization.
#ASM, #Cyber, #Penetesting, #Coud, #Security #AttackSurfaceManagement, #developer #LI-JB3
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $136,787.30 - $227,978.83 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.LocationBuffalo, New York, United States of America