Cybersecurity Vulnerability Assessment Specialist
Buffalo, NY, United States
Full Time Mid-level / Intermediate USD 79K - 131K
M&T Bank
With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services.
This role offers a hybrid work schedule, with the flexibility to work remotely two days a week while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.
Overview: Responsible for analyzing and identifying potential vulnerabilities through complex analysis on vulnerability management tools, and responsible for creating risk-based remediation plans that maintain the security of the organization's information systems and business processes.
Primary Responsibilities:
- Design and execute comprehensive scans on vulnerability management tools, and document findings to provide a risk-based approach to remediation of simple and complex vulnerabilities.
- Scan configuration of assigned systems and networks to ensure compliance with internal policies and best practices, document findings, and develop a remediation plan.
- Analyze database activities and performance to identify anomalous or suspicious behavior, and partner with cross-functional teams to investigate and remediate these activities accordingly.
- Analyze results from active and network vulnerability scans to identify potential exploits, misconfigurations, and attacks; prioritize validated vulnerabilities for remediation.
- In partnership with technology and risk, create vulnerability management policies and standards for technology teams to use when developing, deploying, and monitoring infrastructure.
- Conduct infrastructure testing efforts and analyze results to ensure technology teams are compliant with vulnerability policies and standards for development and deployment of infrastructure.
- Create and recommend best practices to technology teams on how to improve or implement new security practices, tools, and techniques based on assessment outcomes and industry standards to protect the bank from vulnerabilities.
- Generate and analyze detailed metrics to provide insights to cybersecurity leadership and teams, including but not limited to rate of recurrence, scan coverage, and reports identifying technical and procedural findings.
- Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
Scope of Responsibilities:
- Partners with peers, manager, cybersecurity organization, and technology teams
- Leverages established directions, policies, and guidelines to accomplish work. Work is reviewed for accuracy and overall quality.
- Intermediate knowledge of all vulnerability scanning and assessment tools
- Advanced understanding of multiple vulnerability scanning and assessment tools
- Advanced understanding of industry best practices related to vulnerability and patch management.
- Trains analysts to an intermediate level of knowledge of vulnerability scanning and assessment tools, and industry best practices.
Manager Responsibilities:
No supervisory responsibilities.
Education and Experience Required:
- Bachelor's degree and a minimum of 2 years’ relevant work experience, or in lieu of a degree, a combined minimum of 6 years’ higher education and/or work experience
- Strong written and verbal communication skills
- Ability to effectively communicate technical information to technical stakeholders.
- Experience effectively collaborating with peers and leaders within department and with peers across the organization.
- Prior experience quickly learning new technical skills.
Education and Experience Preferred:
- Intermediate Cybersecurity certifications such as Cybersecurity Analyst (CySA+), Certified Ethical Hacker (CEH), or Cybersecurity domain-related industry-recognized certification (DoD Level I)
- Demonstrated experience working in a highly regulated industry (e.g., finance, healthcare, government)
- Experience evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats.
- Proven experience thinking critically and solving problems.
- Intermediate understanding of vulnerability concepts and practices, such as attack surfaces, network monitoring, and patch management
- Experience training analysts to ensure they have basic knowledge of security monitoring systems and how to use them.
Tags: CEH Compliance DoD Exploits Finance Monitoring Vulnerabilities Vulnerability management Vulnerability scans
Perks/benefits: Competitive pay