Senior Application Security Engineer
M&T Bank
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Candidates should have over 7 years of professional experience in application security, product security, or offensive security roles. A deep understanding of common application vulnerabilities like the OWASP Top 10 and their mitigation techniques is required, along with strong proficiency in auditing code in Python, Go, or JavaScript/TypeScript. Hands-on experience with SAST, DAST, IAST, and SCA security tools, solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes), and proven experience integrating security into the SDLC are necessary. Strong analytical, problem-solving, incident response, and communication skills are also essential.
The Senior Application Security Engineer will perform security code reviews, vulnerability assessments, and penetration tests on web applications, mobile applications, and APIs. They will integrate and manage security tools within CI/CD pipelines, conduct threat modeling for new features, and triage, validate, and prioritize vulnerabilities. Responsibilities also include collaborating with engineering and product teams on secure solutions and remediation, developing security standards and documentation, managing security training for developers, developing custom scripts for security testing automation, and assisting in application security incident response activities.
Fraud prevention and compliance platform
Sardine.ai focuses on fraud prevention and compliance for banks, retailers, and fintech companies. Its platform offers tools for risk scoring, transaction monitoring, and customer due diligence, helping clients detect fraud and prevent money laundering. What sets Sardine.ai apart is its ability to monitor customer interactions for fraud signals, using data from over 35 providers to generate accurate risk scores. The company's goal is to enhance security and compliance for financial institutions and retailers.