Lead Product Security Engineer

February 10

🏈 Alabama – Remote

Although this job is listed in Alabama, this company may be open to hiring remote in other states.

💵 $110.6k - $184.4k / year

⏰ Full Time

🟠 Senior

👮‍♂️ Security Engineer

Apply Now

Receive Emails with Similar Jobs

M&T Bank

WebsiteLinkedInAll Job Openings

M&T Bank is a leading regional bank that provides a range of financial services including personal and business banking, mortgages, lines of credit, investment services, and more. It is known for its customer satisfaction, especially with mobile banking, and provides educational resources to enhance financial literacy. M&T Bank is committed to community support, offering loans and grants to local businesses and housing assistance programs, reflecting its dedication to fostering local growth and diversity.

10,000+ employees

🏦 Banking

💸 Finance

💳 Fintech

📋 Description

• Support and participate in the building and implementation of software security controls in all stages of the product development life cycle. • Identify and mitigate software vulnerabilities through code reviews, security assessments, and threat modeling. • Ensure the security posture of our bank-wide infrastructure and products. • Collaborate with cross-functional teams to integrate security measures into the software development process. • Stay up to date on emerging threats and vulnerabilities, and proactively recommend security enhancements. • Partner with engineering teams and provide guidance and support to developers on secure coding practices. • Mentor product security engineers and DevSecOps professionals to ensure a strong security posture across all software development and deployments. • Assist in the development of software security processes, configuration of tools, and management of solutions to address vulnerabilities. • Build and support high quality security documentation for product security best practices. • Communicate effectively with all levels of organizational leadership.

🎯 Requirements

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or applicable discipline and a minimum of 5 years of relevant work experience. • Demonstrable experience developing and maintaining automation for product security tasks and defect identification. • Advanced knowledge with industry standards and frameworks such as OWASP, ISO 27001, GDPR, PCI DSS, and NIST. • Advanced experience with security testing tools and techniques and fixing vulnerabilities. • Strong background in cybersecurity, manual code review, static/dynamic code analysis, threat modeling, bug bounty research and vulnerability management. • Experience with at least 2-3 of the following programming languages – Java, C#, JavaScript, Python, PHP, Ruby, Scala. • Hands-on experience with product security tools and exploit tools and methods. • Hands-on experience with product security testing tools such as SAST, DAST, IAST, SCA, and SBOM as well as experience with DevOps technologies such as CI/CD pipelines, repos, etc. • Excellent communication and leadership skills. • Capable of working on multiple projects of a complex nature. • Excellent problem-solving skills to assist in issue resolution. • Detail-oriented with excellent verbal and written communication skills, with prior experience presenting to the target audience. • Excellent organizational, teamwork, and time management skills. • Strong vertical thinking skills. • Experience recommending and implementing security solutions. • Experience driving project milestones and delivery dates. • Proven mentoring and leadership capabilities.

🏖️ Benefits

• Competitive benefits ranging from medical and retirement to forty hours of paid volunteer time, each year. • Promotes a drug free workplace.