Lead Web Application Penetration Tester jobs in United States

M&T Bank · 1 month ago

Lead Web Application Penetration Tester

M&T Bank is a financial institution seeking a Lead Web Application Penetration Tester to enhance their cybersecurity measures. The role involves conducting penetration tests, collaborating with various teams to improve security protocols, and educating staff on the latest cybersecurity tactics.

Financial Services
H1B Sponsor Likely

Responsibilities

Complete penetration testing or red team/adversarial exploitation exercises of web applications, Application Programming Interfaces (APIs), hardware, and mobile
Perform reconnaissance, social engineering, initial access, and post-exploitation activities across internal and external environments
Develop and deploy custom payloads, exploits, and tools for use during engagements, including client-side, server-side, and lateral movement scenarios
Contribute to purple team exercises by sharing red team findings and collaborating with detection engineering and incident response teams to improve defensive capabilities
Document detailed findings, attack paths, and security gaps with clear recommendations for mitigation and risk reduction
Stay current on emerging TTPs, CVEs, and adversary tradecraft, especially in the context of web and cloud exploitation techniques
Define testing methods to meet the scope and goals of assigned penetration tests
Understand breach and attack simulation solutions and work with the team to validate controls effectiveness
Effectively educate and train Cybersecurity teams on new tactics, techniques, and procedures to ensure technology applications and services are not at risk of compromise or information leakage
Collaborate across Cybersecurity and Technology teams to leverage intelligence sources, identify new threats, improve tool usage and workflow, and mature monitoring and response capabilities
Identify areas of opportunity in daily tasks to advance penetration testing skills, and regularly learn new tactics, techniques, and procedures to assess risk and implement and validate controls as necessary
Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable
Complete other related duties as assigned

Qualification

Penetration Testing, Red Team Tools, Networking Protocols, Operating Systems, Scripting/Coding, Social Engineering, Application Security, Threat Analysis, Cybersecurity Certification

Required

Bachelor's degree and a minimum of 5 years' relevant work experience, or in lieu of a degree, a combined minimum of 9 years' higher education and/or work experience
Prior experience with penetration testing and red team tools, sufficient to simulate attacker tactics, techniques, and procedures
Advanced knowledge of networking and network protocols
Intermediate working knowledge of operating systems and scripting and/or coding
Intermediate working knowledge of penetration testing and red team tools

Preferred

Bachelor's degree in an applicable discipline such as Computer Science, Cybersecurity, or Information Technology
Extensive understanding of information security concepts (both technical and organizational requirements)
Highly ethical and expected to maintain a level of professionalism at all times
Intermediate working knowledge in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture, and a wide array of commercial and bring-your-own (BYO) products
Excellent ability to strategically learn new technical skills, and apply broadly across systems, tools, and processes
Experience training penetration testers to ensure they have intermediate knowledge of penetration testing and red team concepts and tools, and the ability to simulate attacker tactics, techniques, and procedures
Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources
Penetration testing-specific or Cybersecurity domain-related industry-recognized certification

Company

M&T Bank

Great companies have an enduring sense of purpose.

H1B Sponsorship

M&T Bank has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (116)
2024 (113)
2023 (84)
2022 (103)
2021 (42)

Funding

Current Stage
Late Stage

Leadership Team

René Jones
Chairman & Chief Executive Officer
Dan Saper
Co-Founder/Co-Chairman of Welcome to M&T Bank Affinity Group, Western New York Chapter
Company data provided by crunchbase