Apply on Employer Site

M&T Bank · 2 days ago

Senior Application Security Engineer

United States

Full-time

Remote

Mid, Senior Level

$94K/yr - $156K/yr

5+ years exp

M&T Bank is committed to enhancing its cybersecurity capabilities, and they are seeking a Senior Application Security Engineer. This role involves capturing and refining information security requirements, integrating them into IT products, and providing guidance on secure coding and application security practices.

Financial Services

H1B Sponsor Likely

Hiring Manager

Jenna Bissonette

Responsibilities

Develop and implement engineering’s technical security policies and procedures, and performance of security measures

Scan and test applications for potential vulnerabilities and non-compliance with security standards

Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code

Integrate security tools and processes into the software development and operations (DevOps) pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process

Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices

Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure

Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings

Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities

Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures

Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management

Promote an environment that supports belonging and reflects the M&T Bank brand

Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable

Complete other related duties as assigned

Qualification

Application SecuritySecure CodingVulnerability AssessmentSoftware Development Life CycleCloud SecurityAutomation DevelopmentAgile MethodologiesTraining SkillsCommunication SkillsInterpersonal Skills

Required

Bachelor's degree and a minimum of 3 years' relevant work experience, or in lieu of a degree, a combined minimum of 7 years' higher education and/or work experience, including a minimum of 5 years software development or application security

Prior experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite

Intermediate understanding of the Software Development Life Cycle (SDLC)

Ability to train technologist and people leaders at various levels on secure application development, both in person and virtually

Excellent communication and interpersonal skills

Preferred

Intermediate experience reviewing or fixing vulnerabilities identified using application security tools such as static application security testing (SAST), software composition analysis (SCA), interactive application security testing (IAST), dynamic application security testing (DAST), or application security posture management (ASPM) suite

Understanding of common software weaknesses that impact cloud and web applications, beyond the Open Worldwide Application Security Project (OWASP) Top 10

Demonstrable experience developing and maintaining automation for application security tasks and defect identification

Experience developing enterprise applications

Knowledge of secure configuration of cloud-native and containerized apps in one or more Cloud environments

Certifications in the area of Application Security

Proficient persuasive communication skills to gain buy-in of others in cybersecurity and technology teams

Ability to create an effective learning environment that allows for maximum learner results

Must be comfortable with providing 1-1 coaching for all levels of individual contributors and up to SVP management

Ability to build and maintain effective relationships within and across multiple technical teams

Prior experience utilizing continuous integration and continuous deployment (CI/CD) pipeline instrumentation

Highly proficient at coding with one or two programming languages

Highly proficient with Agile development methodologies and version control systems

Experience defining and reviewing software security features and capabilities

Company

M&T Bank

Glassdoor3.6

Great companies have an enduring sense of purpose.

Founded in 1856

Buffalo, New York, US

10001+ employees

http://www.mtb.com

H1B Sponsorship

M&T Bank has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (116)

2024 (113)

2023 (84)

2022 (103)

2021 (42)