Cybersecurity Vulnerability Assessment Specialist II 9/19/2017
M & T Bank
Location: Buffalo, NY
Perform complex security vulnerability assessments to identify, analyze, and report vulnerabilities. Back-up team lead as needed.
Conduct scans of network assets (e.g., hardware, servers, operating systems, and software) associated with applications and systems to identify vulnerabilities and assist team with complex scans where guidance and development may be needed.
Coordinate penetration testing activities and red team testing to identify and evaluate potential vulnerabilities in various information systems and hardware.
Coordinate static code testing and analysis to identify security flaws in coding.
Conducts scans and tests on a predetermined and ad hoc basis and works with the team to assist in training and development as it relates to cybersecurity vulnerability assessment.
Identifies critical vulnerabilities within the network, information systems and applications that could be exploited.
Uses automated tools (e.g., Qualys, Nessus) to perform scans. Mentor junior analysts on cybersecurity vulnerability tools.
Validates report findings to reduce false positives.
Uses automated tools (e.g., Archer eGRC) to assign, track and escalate issues regarding vulnerability remediation.
Provides subject matter expertise regarding vulnerability management to asset owners.
Tracks and validates remedial actions.
Ensures compliance with information security policy and regulatory requirements.
Compiles and tracks vulnerabilities over time to provide historical trend reporting and key risk indicators.
Performs vulnerability management system administration functions as required.
Adheres to audit requirements.
Facilitates penetration testing with third party service providers on web-based applications, networks and computer systems.
Provides guidance, recommended controls, and countermeasures regarding risk management (or identified vulnerabilities).
Evaluates findings and associated risks from penetration tests, and communicates findings and recommended remediation to stakeholders.
Coordinates red team testing including results reporting, tracking findings, and remediation follow-up and escalation.
Manages security code reviews through SaaS.
Tracks findings from static code analysis and ensures coding issues are addressed in a timely manner.
Present periodic reports to management regarding the security posture of developed application code.
Use of independent judgment and discretion within assigned limits.
Act in place of team lead when needed.
Assist with training and development of junior resources.
Bachelor's degree and 7 years of professional experience or, in lieu of a Bachelor's degree, a minimum of 11 years of professional experience.
2 years of experience in a Cybersecurity or Risk Management industry.
Experience with vulnerability management including scoring and categorizing vulnerabilities as they relate to various business applications.
Hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host-based solutions).
Experience with static code analysis and common tool sets.
Current knowledge of the latest vulnerabilities and programming exploits.
Excellent written and oral communication and presentation skills
Ability to work as a team and relate to coworkers
Experience in cryptography, PKI, SSL, Key management, network security, systems security
Exceptional technical writing skills and attention to detail
Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues using clear and concise language
Ability to collaborate and communicate effectively and tactfully with both business-oriented executives and technology-oriented personnel
Capable of working independently in unstructured situations
Experience with reverse engineering
Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C#
Knowledge of network protocols and design
CISSP/GSEC/GSLC/GXPN/GPEN/OSCP/GWAPT or similar certifications
M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer. M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.