Lead Web Application Penetration Tester at M&T Bank

Buffalo, New York, United States

Apply Now
M&T Bank Logo
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Banking, FinanceIndustries

Requirements

  • Experience with penetration testing methodologies and tools
  • Understanding of web application vulnerabilities (OWASP Top 10)
  • Knowledge of API security principles
  • Familiarity with red team/adversarial exploitation techniques
  • Ability to document findings and provide clear recommendations for remediation
  • Strong understanding of cybersecurity concepts and trends
  • Ability to educate and train technical teams on security best practices
  • Understanding of breach and attack simulation solutions
  • Ability to adhere to company risk and regulatory standards

Responsibilities

  • Complete penetration testing or red team/adversarial exploitation exercises of web applications, Application Programming Interfaces (APIs), hardware, and mobile
  • Perform reconnaissance, social engineering, initial access, and post-exploitation activities across internal and external environments
  • Develop and deploy custom payloads, exploits, and tools for use during engagements
  • Contribute to purple team exercises by sharing red team findings and collaborating with detection engineering and incident response teams
  • Document detailed findings, attack paths, and security gaps with clear recommendations for mitigation and risk reduction
  • Stay current on emerging TTPs, CVEs, and adversary tradecraft
  • Define testing methods to meet the scope and goals of assigned penetration tests
  • Understand breach and attack simulation solutions and work with the team to validate controls effectiveness
  • Educate and train Cybersecurity teams on new tactics, techniques, and procedures
  • Collaborate across Cybersecurity and Technology teams to leverage intelligence sources and improve monitoring and response capabilities
  • Identify areas of opportunities to advance penetration testing skills and regularly learn new tactics, techniques, procedures
  • Maintain M&T internal control standards and identify risk-related issues needing escalation to management
  • Promote an environment that supports diversity and reflects the M&T Bank brand

Skills

Penetration Testing
OWASP Top 10
API Security
Red Team
Social Engineering
Exploit Development
Purple Team
Breach Simulation
Custom Payloads

M&T Bank

Full-service banking for individuals and businesses

Website

About M&T Bank

M&T Bank provides a variety of banking services to individuals, small businesses, and larger companies. Their offerings include mortgage assistance, personal and business checking accounts, and mobile banking options. The bank primarily operates in the Northeastern and Mid-Atlantic regions of the United States, emphasizing community engagement and a focus on customer service. M&T Bank's business model is based on traditional banking practices, such as loans, deposits, and investment products, and it generates revenue through interest income and service fees. A key aspect that sets M&T Bank apart from its competitors is its commitment to community involvement, which includes allowing employees to volunteer and supporting local organizations. The recent merger with United Bank, N.A. has further expanded their services and market presence.

Buffalo, New YorkHeadquarters
1993Year Founded
IPOCompany Stage
Financial ServicesIndustries
10,001+Employees

Risks

Competition from fintechs could erode M&T Bank's market share among tech-savvy customers.
Integration challenges from the United Bank merger may disrupt operations.
Decreased prime rate could reduce interest income, impacting profitability.

Differentiation

M&T Bank emphasizes community engagement through its charitable foundation and volunteer programs.
The bank offers a wide range of traditional and digital banking services.
Recent merger with United Bank, N.A. expands M&T's market reach and service offerings.

Upsides

M&T Bank's $1.5 billion senior notes offering strengthens its financial position.
Decreased prime rate may attract more borrowers, increasing loan volume.
Shannon Lazare's appointment as New Jersey Regional President enhances local community engagement.

Related Jobs

Remote
Remote iconRemote

Staff Application Security Engineer (Security)

Phantom
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
San Antonio
Remote iconRemote

Senior Penetration Tester

Humana
Salary not specified
San Francisco
Remote iconRemote

Security Operations Lead

Earnest
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
United States
Remote iconRemote

Application Security Lead

Accurate Background
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
San Francisco +2 more
Remote iconRemote

Security Engineer: App Sec Lead

Latent AI
Salary not specified
  • Employment type iconFull Time
  • Experience level iconJunior (1 to 2 years)
El Dorado Hills
Remote iconRemote

Senior Vulnerability Manager

Keeper Security
Salary not specified
Remote
Remote iconRemote

Team Lead (Compute Team)

Neon
Salary not specified
  • Employment type iconFull Time
  • Experience level iconJunior (1 to 2 years), Senior (5 to 8 years)
Remote
Remote iconRemote

Senior Engineer, App Security

Healthie
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Remote
Remote iconRemote

Frontend Engineer - UpDoc

Pear VC
$150,000 - $200,000/year
  • Employment type iconFull Time
  • Experience level iconMid-level (3 to 4 years)

Land your dream remote job 3x faster with AI

Try Jobo Free