Lead Product Security Engineer

Overview

Remote
USD 110,635.01 - 184,391.68 per year
Full Time

Skills

Product Development
IT Transformation
Software Development Methodology
DevSecOps
Software Security
Documentation
Analytics
Organizational Leadership
Computer Science
Information Systems
OWASP
ISO/IEC 27001:2005
PCI DSS
Code Review
Threat Modeling
Research
Vulnerability Management
Programming Languages
Java
C#
JavaScript
Python
PHP
Ruby
Scala
Security QA
SCA
DevOps
Continuous Integration
Continuous Delivery
Conflict Resolution
Problem Solving
Issue Resolution
Attention To Detail
Communication
Presentations
Target Audience
Collaboration
Teamwork
Management
Mentorship
Leadership
Cyber Security
Penetration Testing
OSCP
Cisco Certifications
Software Development
Mobile Security
Testing
Mainframe
Encryption
Cloud Security
Cloud Computing
Amazon Web Services
Google Cloud Platform
Google Cloud
Microsoft Azure
Oracle

Job Details

Overview:

As the Lead Product Security Engineer at M&T Bank, you will support and participate in the building and implementation of software security controls in all stages of the product development life cycle. This role will offer you the opportunity to be involved with a wide range of responsibilities in transforming the software security culture and technologies. We are looking for a highly motivated, talented, and hands-on engineer who will be responsible for identifying and mitigating software vulnerabilities through code reviews, security assessments, threat modeling, and providing secure coding guidance to software engineers. This role is integral to our technology transformation journey, ensuring the security posture of our bank-wide infrastructure and products.

Primary Responsibilities:
  • Collaborate with cross-functional teams to integrate security measures into the software development process including conducting code reviews, secure code guidance, threat modeling
  • Stay up to date on emerging threats and vulnerabilities, and proactively recommend security enhancements.
  • Partner with engineering teams and provide guidance and support to developers on secure coding practices and security best practices.
  • Mentor product security engineers and DevSecOps professionals to ensure a strong security posture across all software development and deployments.
  • Assist in the development of software security processes, configuration of tools, and management of solutions to tactically address software security vulnerabilities.
  • Build and support high quality security documentation for product security best practices.
  • Utilize product security scanning tools to track, analyze, and manage vulnerabilities.
  • Develop analytics to evaluate and enhance the effectiveness of the vulnerability management program including, tools, technologies, policies.
  • Communicate effectively with all levels of organizational leadership, conveying complex technical concepts in a clear and concise manner.

Education and Experience Required:

Bachelor's degree in Computer Science, Information Systems, Cybersecurity or applicable discipline and a minimum of 5 years of relevant work experience.

Demonstrable experience developing and maintaining automation for product security tasks and defect identification.

Advanced knowledge with industry standards and frameworks such as OWASP, ISO 27001, GDPR, PCI DSS, and NIST.

Advanced experience with security testing tools and techniques and fixing vulnerabilities.

Strong background in cybersecurity, manual code review, static/dynamic code analysis, threat modeling, bug bounty research and vulnerability management. Experience with at least 2-3 of the following programming languages - Java, C#, JavaScript, Python, PHP, Ruby, Scala.

Hands-on experience with product security tools and exploit tools and methods.

Hands-on experience with product security testing tools such as SAST, DAST, IAST, SCA, and SBOM as well as experience with DevOps technologies such as CI/CD pipelines, repos, etc.

Excellent communication and leadership skills.

Capable of working on multiple projects of a complex nature

Excellent problem-solving skills to assist in issue resolution.

Detail-oriented with excellent verbal and written communication skills, with prior experience presenting to the target audience.

Excellent organizational, teamwork, and time management skills

Strong vertical thinking skills.

Experience recommending and implementing security solutions.

Experience driving project milestones and delivery dates.

Proven mentoring and leadership capabilities.

Education and Experience Preferred:

Cyber security certifications in the domain of product security or penetration testing (such as GWAPT, Google Cloud PlatformEN, OSCP, CSSLP, CCSP).

Proven experience in software development including architecture review & secure coding.

Familiarity with mobile security testing.

Strong understanding of mainframe, web productarchitectures, security protocols, and encryption.

Familiarity with cloud security principles and practices.

Experience running a bug bounty program.

Knowledge of Cloud platforms such as AWS, Google Cloud Platform, Azure, Oracle.

#LI-JB3 #Remote

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.

Location
Clanton, Alabama, United States of America
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.