Product Security Engineer
ClerkSalary not specified
- Full Time
- Internship
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Financial ServicesIndustries
Requirements
Candidates should possess a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related discipline and a minimum of 5 years of relevant work experience. They must demonstrate experience developing and maintaining automation for product security tasks and defect identification, along with advanced knowledge of industry standards and frameworks such as OWASP, ISO 27001, GDPR, PCI DSS, and NIST. Strong experience with security testing tools and techniques, including fixing vulnerabilities, is required, as well as a background in cybersecurity, manual code review, static/dynamic code analysis, threat modeling, and vulnerability management. Familiarity with at least 2-3 programming languages – Java, C#, JavaScript, Python, PHP, Ruby, or Scala – is also necessary.
Responsibilities
As the Lead Product Security Engineer, you will collaborate with cross-functional teams to integrate security measures into the software development process, conducting code reviews, providing secure code guidance, and performing threat modeling. You will stay up to date on emerging threats and vulnerabilities, proactively recommending security enhancements, and partner with engineering teams to provide guidance and support to developers on secure coding practices and security best practices. Additionally, you will mentor product security engineers and DevSecOps professionals, assist in the development of software security processes, configure security tools, manage solutions for addressing vulnerabilities, build and support security documentation, utilize product security scanning tools, and develop analytics to evaluate and enhance the effectiveness of the vulnerability management program. Finally, you will communicate effectively with organizational leadership, conveying complex technical concepts clearly and concisely.
Skills
Security automation
OWASP
ISO 27001
GDPR
PCI DSS
NIST
Security testing tools
Vulnerability fixing
Code review
Static code analysis
Dynamic code analysis
Threat modeling
Bug bounty research
Vulnerability management
Java
C#
JavaScript
Python
PHP
Ruby
Scala
SAST
DAST
IAST
SCA
M&T Bank
Full-service banking for individuals and businesses
About M&T Bank
M&T Bank provides a variety of banking services to individuals, small businesses, and larger companies. Their offerings include mortgage assistance, personal and business checking accounts, and mobile banking options. The bank primarily operates in the Northeastern and Mid-Atlantic regions of the United States, emphasizing community engagement and a focus on customer service. M&T Bank's business model is based on traditional banking practices, such as loans, deposits, and investment products, and it generates revenue through interest income and service fees. A key aspect that sets M&T Bank apart from its competitors is its commitment to community involvement, which includes allowing employees to volunteer and supporting local organizations. The recent merger with United Bank, N.A. has further expanded their services and market presence.
Key Metrics
Buffalo, New YorkHeadquarters
1993Year Founded
IPOCompany Stage
Financial ServicesIndustries
10,001+Employees