|Published||June 25, 2021|
Location: This position will sit in Buffalo, NY or Millsboro, DE or has the ability to work remotely anywhere within the USA.
The Senior Cybersecurity Infrastructure Engineer provides designs, information systems solutions and highly technical direction in development of new or existing programs to solve basic to complex problems or enhancements. Serves as principal designer for major infrastructure modifications using analytical skills, technical skills, available technology, and tools in evaluation of client requirements and processes. Provides solutions that are technologically sound. May complete daily support activities and special projects. Often directs and monitors activities of less experienced staff. Coordinates with Cybersecurity teams, stakeholders, and leadership to provide framework, design, threat, posture analysis, and reporting. Provides advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources and develop proactive solutions to maintain or improve security posture.
- Implement security policies to decrypt, inspect, protect, and defend web applications from external attack
- Support development, implementation, and execution of various operational risk and compliance-related initiatives, systems, and processes.
- With collaboration from senior team members, provide guidance, testing plans and/or survey documents used by business units ensuring conformance to established compliance, regulatory, best practice, and risk management programs.
- Identify potential conformance issues, review with supervisor or senior professionals and provide to functional areas requiring improvements.
- Responsible for extensive contact with Operations, Technology and business unit personnel in a training and auditing capacity.
- Support functions, systems and processes critical to meet regulatory, legal, and risk mitigation requirements and reduce risk of fines and penalties resulting from non-compliance impacting profitability.
- May interact with various internal and external audit and regulatory examination personnel.
- May assist with replies to questionnaires sent to the Bank and follow-up on questions or comments to external agencies when required.
- Provide guidance and mentoring to less experienced team members up to and including development and training efforts.
- Responsible for regular interaction with middle management, supervisors, associated staff, Internal Audit, Compliance, Risk Management, the Corporate Information Security Officer (CISO), Chief Counsel's Office (CCO), and/or other technology personnel, clients, and vendors.
- May interact, coordinate and lead initiatives with internal and outside teams and external professional organizations supporting areas of expertise.
- Oversee documentation and communication efforts through proposed new approaches, methods, technologies, or breakthroughs in area of expertise and coordinate efforts with less experienced team members to ensure accuracy and timeliness.
- May conduct, oversee and lead governance, compliance, and risk management functions, ad-hoc projects as a technical representative and subject matter expert (SME) on information security as assigned.
- Oversee, coordinate and leads activities of other Cybersecurity Network Defense team members on projects ranging in scope from small to large, with prior project lead activities.
- Monitor staff performance on assigned projects regarding overall abilities and effectiveness in completing projects within schedules and provides oversight and guidance to ensure timely and accurate project completion.
- Provide backup to higher management and may act on behalf or as a surrogate leader as required.
- Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Complete other related duties as assigned.
Education and Experience Required:
- Associates’ degree in an applicable discipline and a minimum of 6 years’ relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations, or in lieu of a degree, a combined minimum of 8 years’ higher education and/or work experience, including a minimum of 6 years’ relevant experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations
- Detailed technical experience with Web Application Firewalls (WAF), Web Application and API Protection systems (WAAP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies, and traffic flows for threats and vulnerabilities
- Understanding of the System Development Life Cycle (SDLC), networking concepts and protocols, and network security methodologies
- Experience researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planning
- Detailed technical experience with mainframe, distributed computing environments, and network security architecture concepts including topology, protocols, components, and principles
- Prior experience and demonstrated aptitude for quickly learning multiple new technical skills and supporting multiple systems, tools, and processes
- Experience actively leading complex problem and technical analysis walkthroughs
- Detailed technical knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Experience acting as a surrogate team leader to assign, review, evaluate, and prioritize team efforts
- Education and Experience Preferred:
- Bachelor’s degree in an applicable discipline
- Experience with the Bank's application development support software and hardware platforms
- Experience introducing application development alternatives through an understanding of client area function and deliverable requirements for current and future-state planning
- Extensive technical experience with mainframe, virtual, and/or distributed computing environments
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified Risk and Information Systems Control) certification, and one or more Cybersecurity domain-related industry-recognized certification or concentration specialties
- Experience supporting multiple systems, tools, and processes
Buffalo, New York, United States of America