Vacancy expired!
About M&T Bank
At M&T Tech, we're a team of makers, doers, and builders, working to create the most advanced technology solutions in banking. We're not your stereotypical suit and tie bankers: we're an innovative team of leading tech experts, pushing boundaries, and taking risks. We're building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better. Join us and be part of something new as we build tomorrow's bank, today. Overview: Supports and assists in providing designs, information systems solutions, and technical direction in the development of new or existing Cybersecurity advanced threat programs to solve basic to complex problems or enhancements. Serves in coordination with principal application designers for major modifications effectively using analytical skills, technical skills, available technology and tools in the evaluation of client requirements and processes. May complete day-to-day support activities and special projects related to the identification, evaluation, analysis, and remediation of threat tactics, methodologies, processes, and activities. Provides solutions that are technologically sound and prioritized by risk and severity. Primary Responsibilities:- Characterize and analyze advanced threat data to identify anomalous activity and potential threats to network resources.
- Support the development, implementation, and execution of various advanced threat-related initiatives, systems, and processes.
- With collaboration from senior team members, provide guidance, testing plans, and/or analysis reporting to be used within the team and Cybersecurity Operations to ensure conformance to established compliance, regulatory, best practice, and risk management programs.
- Identify potential threats, review with more experienced personnel, and provide recommendations for functional and/or operational improvement.
- Responsible for coordination with more experienced personnel, Operations, Technology, and business unit personnel in an auditing, analysis, training, and outreach capacity.
- Responsible for supporting functions, systems, and processes critical to the Corporation's ability to identify, investigate, minimize, and defend against advanced threats.
- May interact with various internal and external audit, regulatory, privacy, and/or compliance personnel.
- Responsible for regular interaction with non-management, middle management, certain senior management, and business units and partners.
- May interact and coordinate initiatives with outside teams and external professional organizations supporting areas of expertise.
- Assist with documenting and communicating proposed new approaches, methods, technologies, or breakthroughs in area of expertise.
- Represents Information Security Governance, Compliance, and Risk Management function on committees, ad-hoc projects, etc. as assigned.
- Work independently on all high-level systems analysis and technical phases of development.
- Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite. Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
- Combined minimum of 6 years' higher education and/or work experience, including a minimum of 3 years' relevant work experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and/or Security Operations
- Understanding of the System Development Life Cycle (SDLC)
- Detailed knowledge of Enterprise Information Security Architecture (EISA) and security strategy planning
- Detailed knowledge of tools, techniques, and methodologies analyzing and mitigating cyber attack stages, including reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation
- Prior experience completing complex problem analysis and problem resolution across multiple disciplines
- Prior experience with and demonstrable aptitude for quickly learning new technical skills and supporting systems, tools, and processes
- Experience with active participation in technical analysis walkthroughs
- Technical understanding of common networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks
- Detailed knowledge of evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and contributing towards intelligence reporting
- Bachelor's degree in an applicable discipline
- Minimum of 4 years' relevant work experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and/or Security Operations
- Experience with tools, techniques, and methodologies analyzing and mitigating cyber attack stages, including: reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation
- Technical experience with common networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks
- Experience with evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and assisting with development of high-quality intelligence reporting
- GCED (Certified Enterprise Defender), CEH (Certified Ethical Hacker), or platform-specific or Cybersecurity domain-related industry-recognized certification
- Competitive compensation
- Health, welfare, and retirement benefits
- 401(k) match at 5%
- Work-life balance and flexible work arrangements
- Up to 25 days PTO plus 12 paid holidays
Vacancy expired!