Lead Cybersecurity Engineer - Identity Access

This role is four days onsite at our Seneca One Buffalo, NY location, with the flexibility to work from home one day per week

Overview:   

The Lead Cybersecurity Engineer provides technical leadership for enterprise application infrastructure and platform operations, ensuring secure, reliable, and resilient environments across on‑premises and SaaS platforms. This role leads modernization efforts, supports Windows and Linux deployments, collaborates with security and infrastructure teams, and provides operational oversight, incident support, and audit readiness for critical systems.

Primary Responsibilities:

• Serve as the technical lead and subject matter expert for enterprise application infrastructure and platform operations
• Lead modernization initiatives for the application platform, including:
  • Infrastructure modernization
  • Platform upgrades and version migrations
  • Architecture improvements for scalability, performance, and resiliency
• Maintain and support the existing on‑premises environment, ensuring uptime, reliability, and security
• Mentors, trains, and coaches team members, providing hands‑on technical leadership, incident support, and audit readiness for critical systems
• Support deployments across Windows Server and Linux environments
• Install, configure, manage, and tune its supporting components, including - Application servers, Databases, Connectors, and integrations
• Plan and execute upgrades, patches, and hotfixes, including impact analysis, testing, and rollback planning
• Collaborate with IAM, security, and infrastructure teams to align architecture with enterprise security standards
• Support the operational management of SaaS application, including - Platform configuration and administration, Integration with internal teams, coordination with the SaaS vendor for support, upgrades, and issue resolution
• Performs SQL queries and analysis to support troubleshooting, reporting, and operational insights
• Troubleshoot complex and infrastructure issues across development, test, and production environments
• Develop and maintain runbooks, alert response procedures, dashboards, and operational documentation
• Lead and mentor other engineers supporting operations
• Develop and maintain technical documentation, standards, and operational procedures
• Support audit, compliance, and risk management activities related to identity systems
• Participate in on‑call or escalation support as required for critical IAM services

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• This role is used in one or more of the following cybersecurity function:
  • Identity and Access Engineering – develops and manages the architecture, automation, and control mechanisms for provisioning of least privilege access for employees and contractors to internal and 3rd party systems, applications, and data sources.
• Partners primarily with individual contributors and leaders within Cybersecurity and Technology, occasionally senior leaders within Cybersecurity
• Exercises judgement in selecting methods, techniques, and criteria in executing objectives. Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.
• Advanced ability to use multiple Cybersecurity tools, specific to function.

Education and Experience Required:

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience

Education and Experience Preferred:

• Strong hands‑on experience with:
  • Infrastructure setup and maintenance
  • Platform upgrades and migrations
  • Performance tuning and troubleshooting
• Experience supporting on‑premises enterprise applications in production environments
• Solid understanding of IAM concepts, including:
  • Authentication and authorization
  • Identity lifecycle management
  • Role‑based access control (RBAC)
  • Access certifications and governance
• Experience working with application servers (e.g., Tomcat, WebLogic, WebSphere)
• Strong understanding of Linux/Unix environments
• Experience working with relational databases (Oracle, SQL Server, PostgreSQL)
• Experience administering or supporting SaaS‑based security platforms
• Ability to lead technical initiatives and coordinate across multiple teams
• Strong written and verbal communication skills

What Success Looks Like in This Role

• Stable, secure, and well‑maintained on‑prem environment
• Successful execution of IIQ modernization and upgrade initiatives
• Reduced operational risk and improved platform resilience
• Clear technical standards and documentation for Infrastructure
• Trusted technical leadership within the cybersecurity and WIAM teams

#LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $116,400.00 - $194,000.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America