M&T Bank
Senior Application Security Engineer page is loaded
Senior Application Security Engineer
Apply remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 7 Days Ago job requisition id R78680
This role offers a
hybrid
work schedule providing the opportunity for in-person collaboration at our
Buffalo, NY
location. Overview:
Responsible for capturing and refining information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. Provides advanced working guidance to technology teams and leadership in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed. Primary Responsibilities:
Develop and implement engineerings technical security policies and procedures, and performance of security measures, Scan and test applications for potential vulnerabilities and non-compliance with security standards, Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code, Integrate security tools and processes into the software development and operations (DevOps) pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process. Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices. Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure. Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings. Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities. Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures. Understand and adhere to the Companys risk and regulatory standards, policies, and controls in accordance with the Companys Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management. Promote an environment that supports belonging and reflects the M&T Bank brand. Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable. Complete other related duties as assigned. Scope of Responsibilities:
Partners primarily with individual contributors and leaders within Cybersecurity and Technology, and occasionally senior leaders within Cybersecurity. Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met. Proficient ability to use multiple Cybersecurity tools, specific to function. This role is used within Cybersecurity, typically in one of the following ways:
Application Security partners with engineers and developers to secure first-party and third-party code by reviewing the application, data, and systems it interacts with. Product Security secures products by ensuring they are designed, developed, and delivered in a secure manner".
Manager Responsibilities:
No supervisory responsibilities Education and Experience Required:
Bachelor's degree and a minimum of 3 years relevant work experience, or in lieu of a degree, a combined minimum of 7 years higher education and/or work experience, including a minimum of 5 years software development or application security Prior experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite Intermediate understanding of the Software Development Life Cycle (SDLC) Ability to train technologist and people leaders at various levels on secure application development, both in person and virtually Excellent communication and interpersonal skills Education and Experience Preferred:
Intermediate experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite Understanding of common software weaknesses that impact cloud and web applications, beyond the Open Worldwide Application Security Project (OWASP) Top 10 Demonstrable experience developing and maintaining automation for application security tasks and defect identification Experience developing enterprise applications Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments Certifications in the area of Application Security Proficient persuasive communication skills to gain buy-in of others in cybersecurity and technology teams Ability to create an effective learning environment that allows for maximum learner results Must be comfortable with providing 1-1 coaching for all levels of individual contributors and up to SVP management Ability to build and maintain effective relationships within and across multiple technical teams Prior experience utilizing continuous integration and continuous deployment (CI/CD) pipeline instrumentation Highly proficient at coding with one or two programming languages Highly proficient with Agile development methodologies and version control systems Experience defining and reviewing software security features and capabilities #LI-JB3 M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidates particular combination of knowledge, skills, and experience will inform their specific compensation.
Location
Buffalo, New York, United States of America
Similar Jobs (3)
Senior QA Engineer - IAM
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30 Days Ago
Senior Penetration Tester Offensive Security
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30 Days Ago
Senior Software Engineer (ServiceNow)
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30+ Days Ago
Great companies have an enduring sense of purpose. At M&T, our purpose is a simple one:
make a difference in peoples lives and uplift the communities we serve . M&T Bank Corporation is a financial holding company headquartered in Buffalo, New York. M&Ts affiliates offer advice, guidance, expertise and solutions across the entire financial spectrum, combining M&T Banks traditional banking services with the wealth management and institutional capabilities offered by Wilmington Trust. M&T Bank has a network of over 1,000 branches and 2,200 ATMs that span 12 states from Maine to Virginia and Washington, D.C. For more than 165 years, M&T has strived to take an active role in our communities and build long-lasting relationships with our customers. We are a bank for communitiescombining the capabilities of a large bank with the care of a locally focused institution. As an employer of choice, we are proud to offer
competitive benefits
ranging from medical and retirement to forty hours of paid volunteer time, each year. Our core values integrity, ownership, collaboration, curiosity, and candor drive the work we do. We seek to further build upon our record of success by bringing in top talent and fresh skill sets while continuing to support the growth and development of all our team members. ViewM&Ts Human Capital Report to learn more. Ready to join our team?
Submit your application today! If you are unable to apply through this site due to technical issues or need an accommodation to apply, please contact us at careersitesupport@mtb.com for assistance. M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state or local laws. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace. #J-18808-Ljbffr
Apply remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 7 Days Ago job requisition id R78680
This role offers a
hybrid
work schedule providing the opportunity for in-person collaboration at our
Buffalo, NY
location. Overview:
Responsible for capturing and refining information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. Provides advanced working guidance to technology teams and leadership in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed. Primary Responsibilities:
Develop and implement engineerings technical security policies and procedures, and performance of security measures, Scan and test applications for potential vulnerabilities and non-compliance with security standards, Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code, Integrate security tools and processes into the software development and operations (DevOps) pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process. Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices. Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure. Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings. Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities. Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures. Understand and adhere to the Companys risk and regulatory standards, policies, and controls in accordance with the Companys Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management. Promote an environment that supports belonging and reflects the M&T Bank brand. Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable. Complete other related duties as assigned. Scope of Responsibilities:
Partners primarily with individual contributors and leaders within Cybersecurity and Technology, and occasionally senior leaders within Cybersecurity. Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met. Proficient ability to use multiple Cybersecurity tools, specific to function. This role is used within Cybersecurity, typically in one of the following ways:
Application Security partners with engineers and developers to secure first-party and third-party code by reviewing the application, data, and systems it interacts with. Product Security secures products by ensuring they are designed, developed, and delivered in a secure manner".
Manager Responsibilities:
No supervisory responsibilities Education and Experience Required:
Bachelor's degree and a minimum of 3 years relevant work experience, or in lieu of a degree, a combined minimum of 7 years higher education and/or work experience, including a minimum of 5 years software development or application security Prior experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite Intermediate understanding of the Software Development Life Cycle (SDLC) Ability to train technologist and people leaders at various levels on secure application development, both in person and virtually Excellent communication and interpersonal skills Education and Experience Preferred:
Intermediate experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite Understanding of common software weaknesses that impact cloud and web applications, beyond the Open Worldwide Application Security Project (OWASP) Top 10 Demonstrable experience developing and maintaining automation for application security tasks and defect identification Experience developing enterprise applications Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments Certifications in the area of Application Security Proficient persuasive communication skills to gain buy-in of others in cybersecurity and technology teams Ability to create an effective learning environment that allows for maximum learner results Must be comfortable with providing 1-1 coaching for all levels of individual contributors and up to SVP management Ability to build and maintain effective relationships within and across multiple technical teams Prior experience utilizing continuous integration and continuous deployment (CI/CD) pipeline instrumentation Highly proficient at coding with one or two programming languages Highly proficient with Agile development methodologies and version control systems Experience defining and reviewing software security features and capabilities #LI-JB3 M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidates particular combination of knowledge, skills, and experience will inform their specific compensation.
Location
Buffalo, New York, United States of America
Similar Jobs (3)
Senior QA Engineer - IAM
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30 Days Ago
Senior Penetration Tester Offensive Security
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30 Days Ago
Senior Software Engineer (ServiceNow)
remote type Hybrid Position locations Buffalo, NY time type Full time posted on Posted 30+ Days Ago
Great companies have an enduring sense of purpose. At M&T, our purpose is a simple one:
make a difference in peoples lives and uplift the communities we serve . M&T Bank Corporation is a financial holding company headquartered in Buffalo, New York. M&Ts affiliates offer advice, guidance, expertise and solutions across the entire financial spectrum, combining M&T Banks traditional banking services with the wealth management and institutional capabilities offered by Wilmington Trust. M&T Bank has a network of over 1,000 branches and 2,200 ATMs that span 12 states from Maine to Virginia and Washington, D.C. For more than 165 years, M&T has strived to take an active role in our communities and build long-lasting relationships with our customers. We are a bank for communitiescombining the capabilities of a large bank with the care of a locally focused institution. As an employer of choice, we are proud to offer
competitive benefits
ranging from medical and retirement to forty hours of paid volunteer time, each year. Our core values integrity, ownership, collaboration, curiosity, and candor drive the work we do. We seek to further build upon our record of success by bringing in top talent and fresh skill sets while continuing to support the growth and development of all our team members. ViewM&Ts Human Capital Report to learn more. Ready to join our team?
Submit your application today! If you are unable to apply through this site due to technical issues or need an accommodation to apply, please contact us at careersitesupport@mtb.com for assistance. M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state or local laws. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace. #J-18808-Ljbffr