Career Search

Cybersecurity Vulnerability Assessment Analyst - 3DIIK in Amherst, NY at M&T Bank

Date Posted: 5/9/2018

Job Snapshot

  • Employee Type:
  • Location:
    Amherst, NY
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
  • Job ID:

Job Description

M&T Bank
Cybersecurity Vulnerability Assessment Analyst
Location:  Buffalo, NY

Performs security vulnerability assessments to identify, analyze, and report vulnerabilities.  This includes:
Conduct scans of network assets (e.g., hardware, servers, operating systems, and software) associated with applications and systems to identify vulnerabilities
Coordinate penetration testing activities and red team testing to identify and evaluate potential vulnerabilities in various information systems and hardware.
Coordinate static code testing and analysis to identify security flaws in coding.
Conducts scans and tests on a predetermined and adhoc basis.
Identifies critical vulnerabilities within the network, information systems and applications that could be exploited.

Uses automated tools (e.g., Qualys, Nessus) to perform scans.

Validates report findings to reduce false positives.

Uses automated tools (e.g., Archer eGRC) to assign,  track and escalate issues regarding vulnerability remediation.
Tracks and validates remedial actions.
Ensures compliance with information security policy and regulatory requirements.
Compiles and tracks vulnerabilities over time to provide historical trend reporting and key risk indicators.

Performs vulnerability management system administration functions as required.

Adheres to audit requirements.
Facilitates penetration testing with third party service providers on web-based applications, networks and computer systems. 
Provides guidance, recommended controls, and countermeasures regrading risk management (or identified vulnerabilties).
Evaluates findings and associated risks from penetration tests, and communicate findings and recommended remediation with stakeholders.
Tracks findings from static code analysis and ensures coding issues are addressed in a timely manner.
Presents periodic reports to management regarding the security posture of developed application code.
Use of independent judgment and discretion within assigned limits.

Bachelor’s degree in Computer Science, Information Assurance or related discipline and a minimum of 2 years professional experience, or in lieu of a degree, a combined minimum of 6 years higher education and/or work experience including a minimum of 2 years professional experience. Prior cybersecurity experience.

Experience in cryptography, PKI, SSL, Key management, network security, systems security
Exceptional technical writing skills and attention to detail
Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues using clear and concise language
Ability to collaborate and communicate effectively and tactful with both business-oriented executives and technology-oriented personnel
Capable of working independently in unstructured situations
Experience with reverse engineering
Programming experience in one or more of the following languages:  Ruby, Python, Perl, C, C , Java, and C#
Knowledge of network protocols and design
CISSP/GSEC/GSLC/GXPN/GPEN/OSCP/GWAPT or similar certifications

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer.
M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas.
M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.