M&T Bank

Senior Application Security Engineer

United States

Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Banking, Financial ServicesIndustries

Overview

Responsible for capturing and refining information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. Provides advanced working guidance to technology teams and leadership in the areas of secure coding, application authentication, encryption, and quickly research and become competent in other areas as needed.

Primary Responsibilities

  • Develop and implement engineering’s technical security policies and procedures, and performance of security measures.
  • Scan and test applications for potential vulnerabilities and non-compliance with security standards.
  • Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code.
  • Integrate security tools and processes into the software development and operations (DevOps) pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process.
  • Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices.
  • Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure.
  • Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings.
  • Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities.
  • Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures.
  • Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
  • Promote an environment that supports belonging and reflects the M&T Bank brand.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.

Scope of Responsibilities

  • Partners primarily with individual contributors and leaders within Cybersecurity and Technology, and occasionally senior leaders within Cybersecurity.
  • Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met.
  • Proficient ability to use multiple Cybersecurity tools, specific to function.
  • This role is used within Cybersecurity, typically in one of the following ways:
    • Application Security – partners with engineers and developers to secure first-party and third-party code by reviewing the application, data, and systems it interacts with.
    • Product Security – secures products by ensuring they are designed, developed, and delivered in a secure manner.

Manager Responsibilities

  • No supervisory responsibilities

Education and Experience Required

  • Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years software development or application security.
  • Prior experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application sec.

Skills

Application Security
Secure Coding
Vulnerability Scanning
DevOps
Security Policies
Incident Response
Risk Management
Information Security

M&T Bank

Full-service banking for individuals and businesses

About M&T Bank

M&T Bank provides a variety of banking services to individuals, small businesses, and larger companies. Their offerings include mortgage assistance, personal and business checking accounts, and mobile banking options. The bank primarily operates in the Northeastern and Mid-Atlantic regions of the United States, emphasizing community engagement and a focus on customer service. M&T Bank's business model is based on traditional banking practices, such as loans, deposits, and investment products, and it generates revenue through interest income and service fees. A key aspect that sets M&T Bank apart from its competitors is its commitment to community involvement, which includes allowing employees to volunteer and supporting local organizations. The recent merger with United Bank, N.A. has further expanded their services and market presence.

Buffalo, New YorkHeadquarters
1993Year Founded
IPOCompany Stage
Financial ServicesIndustries
10,001+Employees

Risks

Competition from fintechs could erode M&T Bank's market share among tech-savvy customers.
Integration challenges from the United Bank merger may disrupt operations.
Decreased prime rate could reduce interest income, impacting profitability.

Differentiation

M&T Bank emphasizes community engagement through its charitable foundation and volunteer programs.
The bank offers a wide range of traditional and digital banking services.
Recent merger with United Bank, N.A. expands M&T's market reach and service offerings.

Upsides

M&T Bank's $1.5 billion senior notes offering strengthens its financial position.
Decreased prime rate may attract more borrowers, increasing loan volume.
Shannon Lazare's appointment as New Jersey Regional President enhances local community engagement.

Land your dream remote job 3x faster with AI