M&T Bank

Senior Penetration Tester – Web Application

Reposted 21 Hours Ago
In-Office
Buffalo, NY
97K-162K Annually
Mid level
The Senior Penetration Tester conducts penetration tests on web applications and APIs, identifies vulnerabilities, reports findings, and collaborates with cybersecurity teams to enhance security measures.
The summary above was generated by AI

This role offers a hybrid work schedule at our Buffalo, NY Tech Hub.

Overview:  

Searches for application weaknesses that are exploitable, and partners with technology, cybersecurity, and risk teams to remediate any found weaknesses. Collaborates with technology teams when implementing new applications to help the team identify weaknesses before an attacker does.

Primary Responsibilities:
  • Complete penetration testing (primarily Grey & White Box testing) of web applications, Application Programming Interfaces (APIs), network, hardware, and mobile.
  • Define testing methods to meet the scope and goals of assigned penetration tests.
  • Gather intelligence to better understand how the target works and its potential vulnerabilities.
  • Understand breach and attack simulation solutions and work with the team to validate controls effectiveness.
  • Document and formally report testing initiative findings.
  • Maintain tools and scripts used in penetration testing and red team processes.
  • Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise and will not leak information.
  • Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities.
  • Identify areas of opportunity in daily tasks to advance penetration testing skills, and regularly learn new tactics, techniques, and procedures to assess risk and implement and validate controls as necessary.
  • Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.

Scope of Responsibilities:
  • Engages in regular interaction with middle management within Internal Audit, Compliance, Risk Management, and Technology.
  • Determines and develops approach to solutions. Work is evaluated upon completion to ensure objectives have been met. Work is accomplished with periodic check-ins for alignment and limited direction.
  • Basic knowledge of all penetration testing and red team tools.
  • Intermediate working knowledge of Web Application Penetration Testing tools such as Burp Suite Pro, and Open Source Tooling.
  • Strong knowledge of networking and network protocols.
  • Strong knowledge of web application attacks and best practices.
  • Intermediate working knowledge of operating systems and scripting and/or coding.

Education and Experience Required:
  • Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience.
  • Intermediate working knowledge of penetration testing and red team tools to be able to simulate attacker tactics, techniques, and procedures
  • Strong knowledge of networking and network protocols
  • Intermediate working knowledge of operating systems and scripting and/or coding

Education and Experience Preferred:
  • Bachelor’s degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology
  • Strong understanding of information security concepts (both technical and organizational requirements)
  • Understanding and working knowledge of the OWASP Top 10 and other Security Testing Frameworks.
  • Highly ethical and expected to maintain a level of professionalism at all times
  • Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products
  • Prior experience with and demonstrable aptitude for quickly learning new technical skills
  • Experience training others to ensure they have basic knowledge of and ability to use function-specific tools and systems
  • Ability to analyze and draw conclusions based on quantitative data from multiple sources
  • Penetration testing-specific or Cybersecurity domain-related industry-recognized certification

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $97,100.00 - $161,800.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location: Buffalo, New York, United States of America

Top Skills

Burp Suite Pro
Penetration Testing Tools
Red Team Tools
Web Application Testing Tools
