This role is four days onsite at our Wilmington Center, Wilmington, DE location, with the flexibility to work from home one day per week

Overview:   

Responsible for gathering, analyzing, and interpreting intelligence data to identify potential threats to M&T Bank's security. Uses this information to proactively to inform how Cybersecurity should strengthen defenses, mitigate threats, and enhance security posture. Manages the end-to-end indicator of compromise (IOC) lifecycle (intake, normalization, enrichment, scoring, dissemination, and retirement) to ensure high-fidelity intelligence reaches security controls quickly and safely. 

Primary Responsibilities:

• Independently collect and analyze intelligence data from various sources 

• identify relevant information, and report findings to senior analysts and leaders for further review. 

• Define and maintain indicator quality standards (source reliability, scoring, false-positive handling, freshness/decay) and ensure governance is applied consistently 

• Monitor the IOC lifecycle: intake, normalization, de-duplication, enrichment, confidence scoring, deconfliction, expiration/TTL, and feedback loops. 

• Operationalize IOCs by partnering with Cybersecurity Operations Center/Hunt/Detection Engineering teams to convert intelligence into detections, blocklists, and response actions. 

• Document clear and concise threat intelligence findings into standardized format to incorporate into threat intelligence briefings for broader Cybersecurity team or leadership. 

• Contribute insights from internal analysis for intelligence sharing initiatives with other organizations, information sharing groups, and industry groups. 

• Analyze historical data and patterns to anticipate future threats and recommend proactive techniques to strengthen defenses. 

• Attribute observed activities to a specific threat actor or group based on known tactics, techniques, and procedures. 

• Monitor current events and emerging technologies to recognize potential correlations with evolving threat landscape, and communicate to cybersecurity teams to adjust internal technologies, policies, and procedures. 

• Engage with vendors for routine security products or solutions support. 

• Identify opportunities for tuning and development of threat intelligence platform’s rules, alerts, and correlation logic and share with security engineering. 

• Manage day-to-day operations of threat intelligence systems, ensuring they are calibrated and functioning as needed. 

• Collaborate across Cybersecurity and Technology to ensure appropriate threat intelligence is received and shared. 

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management. 

• Complete other related duties as assigned

Scope of Responsibilities:

• Partners with peers, manager, and Cybersecurity team. 

• Leverages established directions, policies, and guidelines to accomplish work. Work is reviewed for accuracy and overall quality. 

• Determines and develops approaches to solutions. Work is evaluated upon completion to ensure objectives have been met. Work is accomplished with periodic check-ins for alignment and limited direction. 

• Working knowledge of Open-Source Intelligence (OSINT) and social monitoring tools, Threat Intelligence Platform (TIP), Darkweb and malware research tools and understands how intelligence is processed and distributed through an IOC pipeline into downstream security controls. 

Education and Experience Required:

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience

• Minimum of 1 years' experience utilizing tools, techniques, and methodologies analyzing and mitigating cyber-attack stages, including reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation

• Intermediate understanding of cyber-attack stages, including reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation  

Education and Experience Preferred:

• Understanding of different types of threat actors, and intermediate understanding of motivations and methodologies 

• Industry recognized cybersecurity or technology certifications 

• Technical understanding of networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks 

• Experience evaluating, analyzing, and synthesizing large quantities of data which may be fragmented and contradictory and accurately determining the potential range and scope of threats. 

• Experience designing or operating IOC processing pipelines 

• Experience integrating intelligence with Security Incident and Event Management (SIEM) and Endpoint Detection and Response (EDR) workflows and validating efficacy via telemetry (hits, false positives, decay). 

• Experience establishing IOC governance and measurement. 

• Understanding of financial crimes and how threat intelligence can assist in its mitigation. 

#LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $106,700.00 - $177,900.00 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Wilmington, Delaware, United States of America