Job details

Senior Penetration Tester – Offensive Security - job 2 of 2

Get a free resume review

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

Overview:

Searches for application weaknesses that are exploitable, and partners with technology, cybersecurity, and risk teams to remediate any found weaknesses. Collaborates with technology teams when implementing new applications to help the team identify weaknesses before an attacker does.

Primary Responsibilities:

Complete penetration testing (primarily Grey & White Box testing) of web applications, Application Programming Interfaces (APIs), hardware, and mobile.
Define testing methods to meet the scope and goals of assigned penetration tests.
Gather intelligence to better understand how target works and its potential vulnerabilities.
Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
Document and formally report testing initiative findings.
Maintain tools and scripts used in penetration testing and red team processes.
Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise or will leak information.
Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities.
Identify areas of opportunities in daily tasks to advance penetration testing skills and regularly learn new tactics, techniques, procedures to assess risk and implement and validate controls as necessary.
Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.

Scope of Responsibilities:

Engages in regular interaction with middle management within Internal Audit, Compliance, Risk Management, and Technology.
Determines and develops approach to solutions. Work is evaluated upon completion to ensure objectives have been met. Work is accomplished with periodic check-ins for alignment and limited direction.
Basic knowledge of all penetration testing and red team tools.
Strong knowledge of networking and network protocols.
Intermediate working knowledge of operating systems and scripting and/or coding.

Education and Experience Required:

Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience.
Intermediate working knowledge of penetration testing and red team tools to be able to simulate attacker tactics, techniques, and procedures
Strong knowledge of networking and network protocols
Intermediate working knowledge of operating systems and scripting and/or coding

Education and Experience Preferred:

Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology
Strong understanding of information security concepts (both technical and organizational requirements)
Highly ethical and expected to maintain a level of professionalism at all times
Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products
Prior experience with and demonstrable aptitude for quickly learning new technical skills
Experience training others to ensure they have basic knowledge of and ability to use function-specific tools and systems
Ability to analyze and draw conclusions based on quantitative data from multiple sources
Penetration testing-specific or Cybersecurity domain-related industry-recognized certification

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Buffalo, New York, United States of America

Average salary estimate

$124774.5 / YEARLY (est.)

min

max

$93581K

$155968K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Senior Penetration Tester – Offensive Security, MTB

Are you ready to take the next step in your career as a Senior Penetration Tester with M&T Bank? Located in Buffalo, NY, this hybrid position offers the flexibility you need to work two days remotely, while also providing ample opportunity for in-person collaboration at our vibrant Tech Hub. In this dynamic role, you will dive deep into discovering application weaknesses that could be exploited, collaborating with tech, cybersecurity, and risk teams to reinforce defenses. Your day-to-day responsibilities will include executing penetration tests, primarily using Grey & White Box methodologies on a variety of platforms, including web applications, APIs, and mobile devices. You’ll be instrumental in defining testing approaches that align perfectly with project goals while gathering vital intelligence to spot potential vulnerabilities. Apart from documenting findings and working closely with cybersecurity teams to bolster defenses, you will have the unique opportunity to educate and train your peers in the latest tactics and techniques. Your input will drive continuous improvements in processes and tools, while you share ideas that enhance overall cybersecurity posture. With your strong background in networking and systems, along with a Bachelor's degree or equivalent experience, you'll be a key player in foundational security efforts. Join M&T Bank, where we promote an environment that values diversity and supports our brand ethos while keeping security at the forefront. Explore a challenging yet rewarding career path with competitive pay ranging from $93,581.10 to $155,968.51 annually – your contributions will truly matter here!

Frequently Asked Questions (FAQs) for Senior Penetration Tester – Offensive Security Role at MTB

What responsibilities will a Senior Penetration Tester at M&T Bank have?

As a Senior Penetration Tester at M&T Bank, you'll be responsible for executing penetration tests, primarily utilizing Grey & White Box methodologies on web applications, APIs, and mobile platforms. You'll define testing methods, gather intelligence on target vulnerabilities, validate control effectiveness through breach and attack simulations, and document your findings thoroughly. Your collaboration with technology and cybersecurity teams will enhance security protocols and also include educating your colleagues on the latest trends and tactics.