This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.Overview:Searches for application, system, and infrastructure weaknesses that are exploitable, and partners with technology, cybersecurity, and risk teams to remediate any found weaknesses. Creates secure development strategies in partnership with cybersecurity teams and technology leaders to enhance ability to improve organizational security posture.Primary Responsibilities:
Guide the development of red team strategy, long-term planning, and capability growth aligned with organizational risk priorities.
Lead complex, multi-vector red team operations simulating advanced persistent threats (APTs) to assess the organization’s detection, prevention, and response capabilities.
Develop and execute full-scope adversary emulation scenarios, leveraging MITRE ATT&CK and threat intelligence to replicate real-world threat actor TTPs.
Design and maintain custom tooling, scripts, and infrastructure for red team campaigns while adhering to strict operational security (OPSEC) practices.
Mentor junior and mid-level red teamers, setting technical direction, establishing standards, and conducting after-action reviews.
Perform stealth assessments using techniques to evade detection by modern security controls (e.g., EDR, SIEM, NDR).
Serve as a subject matter expert for adversarial tradecraft, staying current with evolving TTPs, red team frameworks, and industry trends.
Develop strategic framework for tools and scripts used in penetration testing and red team processes.
Foster strong partnerships with Cybersecurity and Technology teams to ensure technology applications and services are not at risk of compromise or will leak information.
Lead collaboration efforts with Cybersecurity and Technology teams and leadership to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities.
Lead improvement initiatives within Cybersecurity team, implementing industry best practices and optimizing processes to enhance penetration testing and overall security capabilities.
Promote an environment that supports diversity and reflects the M&T Bank brand. Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable. Complete other related duties as assigned. Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.Scope of Responsibilities:
Engages in regular interaction with senior management and associated staff within Internal Audit, Compliance, Risk Management, and Technology.
Exercises judgement in selecting methods, techniques, and criteria in executing objectives. Exerts significant latitude in determining objective of assignment. Takes calculated risks with consultation from other subject matter experts. Work is accomplished with minimal direction.
Advanced working knowledge of penetration testing and red team tools.
Advanced working knowledge of networking and network protocols.
Advanced working knowledge of operating systems and scripting and/or coding.
The position provides guidance and mentoring to less experienced and peer team members up to and including development and training efforts.
Education and Experience Required:
Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience.
Prior experience with advanced penetration testing and red team tools to be able to simulate attacker complex tactics, techniques, and procedures.
Advanced working knowledge of networking and network protocols
Advanced working knowledge of operating systems and scripting and/or coding
Education and Experience Preferred:
Master's degree in an applicable discipline such as Computer Science, Cybersecurity, or other science, technology, engineering, and mathematics (STEM) function
Extensive knowledge and experience in information security concepts (both technical and organizational requirements)
Highly ethical and expected to maintain a level of professionalism at all times.
Advanced working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products
Excellent ability to strategically learn new technical skills, and apply broadly across systems, tools, and processes.
Experience training penetration tester to ensure they have advanced knowledge of penetration testing and red team concepts, tools, and ability to simulate attacker complex tactics, techniques, and procedures.
Advanced ability to analyze large datasets through statistical techniques and draw valuable conclusions.
Experience in engagement of communities of interest, to include publication and presentation of research and work.
Penetration testing-specific or Cybersecurity domain-related industry-recognized certification
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $130,795.52 - $217,992.53 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.LocationBuffalo, New York, United States of AmericaM&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.