• Hands-on Development Support: Work day-to-day with developers and DevOps teams to integrate security into the application lifecycle, including design, refactoring, and re-engineering of applications in cloud environments.
• Security Best Practices: Lead the development and implementation of secure coding and development practices, including threat modeling, secure code reviews, and risk-based security assessments.
• Cloud Security Expertise: Provide deep technical guidance on cloud security, including identity and access management (IAM), encryption, network security, container security, and more.
• Leadership & Mentoring: Act as a player-coach by leading by example in technical engagements while mentoring junior security engineers and developers on secure coding and development practices.
• Compliance & Regulation: Ensure all application development meets the rigorous standards of the banking industry and adheres to regulatory requirements (e.g., FFIEC, NIST, GDPR, SOX).
• Risk Management: Identify, assess, and mitigate security risks throughout the application development lifecycle, ensuring proactive measures are in place to protect sensitive data and services.
• Collaboration: Work closely with cross-functional teams including product owners, system architects, and infrastructure teams to ensure security is built into the organization’s cloud solutions from the ground up.
• Security Automation: Champion the use of automation in security testing, secure CI/CD pipelines, and DevSecOps practices to enhance security posture and streamline processes.
• Incident Response: Be part of the team that develops response protocols for application security incidents and helps manage incident resolution, including root cause analysis and remediation.
• Continuous Improvement: Stay up-to-date on emerging security threats, security features across multiple cloud providers, and regulatory changes to continuously improve the security of applications and systems.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Required Qualifications:

​

• Combined minimum of 10 years’ higher education and/or experience in systems design, management, and/or architecture
• Thorough understanding of the system development and infrastructure lifecycle and architecture, vendor best practices, IT Service Management, and systems design

​

Preferred Qualifications:

​

• Bachelor’s degree in Computer Science or Computer Engineering
• Minimum 10 years’ professional experience in a technical engineering position involving infrastructure design technologies, data management and interchange, system design and/or development for complex applications
• Ability to translate complex business/functional requirements into structured high quality implementations using any variety of industry standard approaches
• Demonstrated ability to develop alternative solutions to complex problems and recommend the best solution to the technology business, and project teams
• Deep expertise in cloud provider environments (Azure (preferred), AWS, and GCP)

The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

​

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

​

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $130,795.52 - $217,992.53 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.