Application Security Manager

As the Manager of Application Security Management at M&T Bank, you will lead the implementation and management of enterprise security controls in all stages of the application development life cycle  and provide strategic technical leadership while  fostering a culture of operational excellence among the teams you lead. This role is integral to our technology transformation journey, ensuring the security posture of our bank-wide infrastructure and applications.
 

Key Responsibilities:

• Lead the Cybersecurity Application Security team to develop a comprehensive strategy and roadmap to improve application security and enable M&T to shift left to an integrated DevSecOps model

• Collaborate with cross-functional teams to integrate security measures into the software development process.

• Provide guidance and support to developers on secure coding practices and security best practices.

• Stay up to date on emerging threats and vulnerabilities, and proactively recommend security enhancements.

• Lead and mentor a team of application security and DevSecOps professionals to ensure a strong security posture across all applications and deployments.

• Own and manage Application Security Testing metric and remediation-related dashboards and reports.

• Own and manage application security scanning tools and vendor relationships.

• Develop analytics to evaluate and enhance the effectiveness of the vulnerability management program including, tools, technologies, policies.

• Communicate effectively with all levels of organizational leadership, conveying complex technical concepts in a clear and concise manner.

Minimum Required Qualifications:

• Bachelor’s degree and a minimum of 10 years’ of application development and cybersecurity domain experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience, including a minimum of 10 years’ of application development and cybersecurity experience.

• At least 5 years of technical supervisory or management experience, demonstrating the ability to lead and inspire cross-functional teams including management experience within application development and application security

Preferred Qualifications:

• Proven experience in application development and application security, including threat modeling, secure coding, and vulnerability management.

• Strong understanding of web application architectures, technologies, and protocols.

• Familiarity with industry standards and frameworks such as OWASP, ISO 27001, and NIST.

• Experience with security testing tools and techniques.

• Excellent communication and leadership skills.

• Strong background in software development, operations, and security.

• Hands-on experience with application security tools and technologies.

• Familiarity with cloud security principles and practices.

• Hands-on experience with application security testing tools such as SAST, DAST, IAST, SCA, and SBOM as well as experience with DevOps technologies such as CI/CD pipelines, repos, etc.