Lead Web Application Penetration Tester

This role offers a hybrid work schedule at our Buffalo, NY Tech Hub. Overview: Searches for application and system weaknesses that are exploitable, and partners with technology, cybersecurity, and risk teams to remediate any found weaknesses. Partners with technology leaders to train engineering and infrastructure teams to develop new applications and systems securely to ensure weaknesses are removed prior to implementation or software deployment. Primary Responsibilities: Complete penetration testing or red team/adversarial exploitation exercises of web applications, Application Programming Interfaces (APIs), hardware, and mobile. Perform reconnaissance, social engineering, initial access, and post-exploitation activities across internal and external environments. Develop and deploy custom payloads, exploits, and tools for use during engagements, including client-side, server-side, and lateral movement scenarios. Contribute to purple team exercises by sharing red team findings and collaborating with detection engineering and incident response teams to improve defensive capabilities. Document detailed findings, attack paths, and security gaps with clear recommendations for mitigation and risk reduction. Stay current on emerging TTPs, CVEs, and adversary tradecraft, especially in the context of web and cloud exploitation techniques. Define testing methods to meet the scope and goals of assigned penetration tests. Understand breach and attack simulation solutions and work with the team to validate controls effectiveness. Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise or will leak information. Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities. Identify areas of opportunities in daily tasks to advance penetration testing skills and regularly learn new tactics, techniques, procedures to assess risk and implement and validate controls as necessary. Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management. Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable. Complete other related duties as assigned. Scope of Responsibilities: Engages in regular interaction with senior management and associated staff within Internal Audit, Compliance, Risk Management, and Technology. Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction. Intermediate working knowledge of penetration testing and red team tools. Advanced knowledge of networking and network protocols. Intermediate working knowledge of operating systems and scripting and/or coding. The position provides guidance and mentoring to less experienced team members. Education and Experience Required: Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience. Prior experience penetration testing and red team tools to be able to simulate attacker tactics, techniques, and procedures. Advanced knowledge of networking and network protocols Intermediate working knowledge of operating systems and scripting and/or coding Education and Experience Preferred: Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology Extensive understanding of information security concepts (both technical and organizational requirements) Highly ethical and expected to maintain a level of professionalism at all times Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial and bring-your-own (BYO) products. Excellent ability to strategically learn new technical skills, and apply broadly across systems, tools, and processes Experience training penetration tester to ensure they have intermediate knowledge of penetration testing and red team concepts, tools, and ability to simulate attacker tactics, techniques, and procedures Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources Penetration testing-specific or Cybersecurity domain-related industry-recognized certification M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $121,698.75 - $202,831.26 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. Location Wilmington, Delaware, United States of America Great companies have an enduring sense of purpose. At M&T, our purpose is a simple one: make a difference in people’s lives and uplift the communities we serve. M&T Bank Corporation is a financial holding company headquartered in Buffalo, New York. M&T’s affiliates offer advice, guidance, expertise and solutions across the entire financial spectrum, combining M&T Bank’s traditional banking services with the wealth management and institutional capabilities offered by Wilmington Trust. M&T Bank has a network of over 1,000 branches and 2,200 ATMs that span 12 states from Maine to Virginia and Washington, D.C. For more than 165 years, M&T has strived to take an active role in our communities and build long-lasting relationships with our customers. We are a bank for communities—combining the capabilities of a large bank with the care of a locally focused institution. As an employer of choice, we are proud to offer competitive benefits ranging from medical and retirement to forty hours of paid volunteer time, each year. Our core values – integrity, ownership, collaboration, curiosity, and candor – drive the work we do. We seek to further build upon our record of success by bringing in top talent and fresh skill sets while continuing to support the growth and development of all our team members. View M&T’s Human Capital Report to learn more. Ready to join our team? Submit your application today! If you are unable to apply through this site due to technical issues or need an accommodation to apply, please contact us at careersitesupport@mtb.com for assistance. M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state or local laws. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace. Career Site Privacy Notice

Salary : $121,699 - $202,831