AppSec Jobs

M&T Bank

Global Security Operations Center Manager (Buffalo, NY)

Buffalo, NY

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About M&T Bank

M&T Bank is a full-service commercial bank based in the U.S., founded in 1856 in Buffalo, New York. Originally established to serve the local manufacturing sector, it has grown into a super-regional bank with over 960 branches across 12 states and Washington, D.C. The bank employs approximately 22,000 people and has total assets of $208 billion, making it one of the top 20 U.S. commercial banks by assets. M&T Bank offers a range of traditional banking services, including personal and business banking, wealth management, and institutional services. The bank emphasizes straightforward products and responsible lending, focusing on customer experience and community needs. It is committed to community reinvestment, sustainability, and supporting local organizations. M&T Bank operates several subsidiaries, including Wilmington Trust and M&T Equipment Finance Corporation, to provide comprehensive financial solutions.

Industry

financial services

Employees

23,000

1426 engineers

Revenue

$13B

Security at M&T Bank

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

M&T Bank's Application Security (AppSec) mission involves "capturing and refining information security requirements". The team partners with engineers and developers to secure both first-party and third-party code, integrating security tools and processes into the DevOps pipeline. Their risk philosophy focuses on identifying risks to systems, data, and assets to prioritize information security activities. Key goals include the "automation of security checks and scans to identify and fix vulnerabilities early" and proactively recommending and implementing process enhancements. A consolidated, public statement of the AppSec team's formal mission beyond role-level job descriptions is not publicly available.

Security Team

The organizational structure and reporting line for M&T Bank's AppSec team are not publicly available. The key public-facing leader is Tim Byrd, who "joined M&T Bank in 2023 as the Chief Information Security Officer (CISO)". The estimated team size is not publicly available, as LinkedIn searches returned individual profiles but no authoritative count. As of, there is 1 active AppSec-specific job posting (Senior Application Security Engineer, Job ID: R78522). Common skill and tool patterns from job postings include experience with SAST, SCA, IAST, DAST, continuous integration and continuous deployment (CI/CD) pipeline instrumentation, and proficiency in one or two programming languages. Publicly available information lacks an organizational chart, a published list of AppSec leaders beyond the enterprise CISO, and an enumerated team headcount.

Key Initiatives

There is no publicly available evidence that M&T Bank runs a Security Champions Program. Their "Shift Left" practices involve integrating security tools and processes into the DevOps pipeline and automating security checks and scans to identify and fix vulnerabilities early. The vulnerability management process includes a HackerOne bug bounty program covering "any public-facing system owned, operated, or controlled by M&T Bank", with a 1-day first response and 2-day triage SLA. Time to resolution depends on severity and complexity. The AppSec team also partners with incident response teams to mitigate incident impact. Secure SDLC artifacts are indicated by an "Intermediate understanding of the Software Development Life Cycle (SDLC)" and the integration of "security checks and scans" and "CI/CD pipeline instrumentation". No public announcements or blog posts describing new AppSec programs, tool rollouts, or policy changes in the past six months were found, though hiring for AppSec (job posting R78522) occurred in December 2025. There is no public evidence for a formal Security Champions program, detailed SLAs beyond HackerOne, or named AppSec tooling vendors.