Cybersecurity Operations Center (CSOC) Defense Analyst

  • M&T Bank
  • Buffalo, NY, USA
  • Oct 26, 2020
Full time Banking Engineering Information Technology

Job Description

  • M&T Bank’s Cybersecurity Operations Center provides 24x7x365 cyber monitoring for the enterprise.  It is the first line for all monitoring and defensive activities, simultaneously serving as a hub and coordinator for critical events.  The Cybersecurity Operations Defense Analyst will monitor industry standard tools, including SIEM, IPS/IDS, user behavioral analytics, endpoint detection and response (EDR), among others to maintain M&T Bank’s security posture.  Events will be analyzed and correlated to identify trends, impacts, and potential compromises for escalation and remediation.  The Analyst will also be asked to act as an event coordinator for routine and critical incident calls, linking areas throughout Cybersecurity to mitigate potential or realized threats.   

    Primary Responsibilities:

    • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
    • Support development, implementation and execution of various operational risk and compliance-related initiatives, systems and processes.
    • Assist in providing centralized governance, compliance and risk management expertise to business lines, support functions and managers concerning information security and privacy regulatory compliance and/or risk management and Information Technology and Bank Operations on applicable information security and privacy regulations concerning financial institutions.
    • With collaboration from senior team members, provide guidance, testing plans and/or survey documents to be used by all business units ensuring conformance to established compliance, regulatory, best practice and risk management programs.
    • Identify potential conformance issues, review with supervisor or senior professionals and provide to functional areas requiring improvements.
    • Responsible for extensive contact with Operations, Technology and business unit personnel in a training and auditing capacity.
    • Support functions, systems and processes critical to meet regulatory, legal and risk mitigation requirements to reduce risk of fines and penalties resulting from non-compliance impacting profitability.
    • Interact with various internal and external audit and regulatory examination personnel.
    • May assist with replies to questionnaires sent to the Bank and follow-up on questions or comments to external agencies when required.
    • Work under general supervision of more experienced personnel while being afforded opportunity to exercise independent judgment and discretion.
    • Responsible for regular interaction with non-management, middle management, certain senior management, business units and partners.
    • May interact with outside teams and external professional organizations supporting areas of expertise.
    • Assist with documenting and communicating proposed new approaches, methods, technologies or breakthroughs in area of expertise.
    • Represent information security governance, compliance and risk management function on committees, ad-hoc projects as assigned.
    • Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.
    • Promote an environment that supports diversity and reflects the M&T Bank brand.
    • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
    • Complete other related duties as assigned.

    Education and Experience Required:

    Combined minimum of 4 years’ higher education and/or work experience, including a minimum of 1 year’s relevant work experience in two (2) or more of these Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

    Understanding of System Development Life Cycle (SDLC), networking concepts and protocols and network security methodologies

    Knowledge of application development support software and hardware platforms

    Knowledge of mainframe, distributed computing environments and network security architecture concepts including topology, protocols, components and principles

    Problem analysis and problem resolution skills

    Experience quickly learning new technical skills

    Knowledge of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

    Knowledge of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities

    Education and Experience Preferred:

    Associate’s degree in an applicable discipline

    Minimum of 2 years’ relevant work experience in two (2) or more of these Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

    Knowledge of the Bank's application development support software and hardware platforms

    Technical understanding of mainframe and/or distributed computing environments

    Prior experience with and demonstrated aptitude for quickly learning new technical skills, supporting systems, tools and processes

    Experience participating in technical analysis walkthroughs


    Amherst, New York, United States of America