Citizens
Senior Vulnerability Specialist
We are currently seeking a highly motivated, detail-oriented, and customer-focused individual to play a key role on the Cyber Defense – Infrastructure Vulnerability Management Team. You will be responsible for performing vulnerability and compliance scanning and analysis to aid Citizens in assessing the enterprise vulnerability posture and reducing the attack surface.
Working closely with business lines and infrastructure teams, you will directly contribute to the effort to identify, track, and remediate open vulnerabilities (technical vulnerabilities or build compliance deviations) on systems that store, process, or display Citizens’ data. It is critical that you understand technology operations as well as security operations, with a keen understanding of mitigating and compensating controls.
Responsibilities (not limited to)
Actively look for ways to improve the processes around the program to provide a best-of-breed, world-class service
Communicate security issues to a wide variety of internal and external customers, including technical teams, executives, risk groups, vendors, and regulators
Maintain a deep understanding of current threats, vulnerabilities, attacks, countermeasures and how to respond effectively, while providing training to the team on these items
Develop meaningful metrics to reflect the true posture of the environment to enable risk-based decision making
Improve the capabilities and maturity of the Citizens Vulnerability Management Program by identifying appropriate technologies, policies, communication channels, organizational structures, and relationships with third parties
Required Experience And Skills
5 years of progressive security industry experience
1–2 years of experience with QualysGuard Vulnerability Scanner (including API, VM, PC, CloudView, AssetView, Cloud Agent, and other modules) highly preferred
1–2 years of experience with other vulnerability management solutions (e.g., Tenable, Rapid7); ability to become a domain expert with Qualys within 3–6 months
Understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP and other standards
Experience developing applications, automation scripts, or other solutions in at least one modern language (Python, PowerShell, Java, C/C++, Go, etc.)
Expert understanding of operating systems (Windows, UNIX, Linux, AIX, etc.) with emphasis on vulnerability assessment and hardening; subject matter expertise in at least one OS
Knowledge of security hardening, configuration management, change control/problem management, exception management and security baselines (e.g., CIS, NIST, vendor guides)
Practical knowledge of cloud platforms (AWS, Azure) and how to secure them
Fundamental networking knowledge
Experience fostering and maintaining relationships with key stakeholders and business partners
Self-motivation with the ability to work under minimal supervision
Ability to demonstrate manual testing experience including all of OWASP Top 10
Experience with common penetration testing and vulnerability assessment tools (e.g., nmap, Nessus, Burp Suite, Metasploit, ZAP) is a plus
Preferred Education And Certifications
One or more relevant security certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, CISSP, CISM, CISA, Security+, etc.)
Bachelor’s Degree or equivalent experience
Hours & Work Schedule
Hours: Monday through Friday; 40 hours per week
Work arrangement: 4 days on-site, 1 remote
Pay Transparency
The salary range for this position is $150,000-$175,000 per year plus the opportunity to earn an annual discretionary bonus. Actual pay is based on location, skills, and experience. We offer competitive pay and comprehensive benefits including medical, dental, vision, retirement, paid time off, and more. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, disability, race, gender, gender identity or expression, national origin, pregnancy, or any other category protected by law. Employment decisions are based on merit and qualifications.
Why Work for Us: At Citizens, you’ll find a customer-centric culture built around helping our customers and giving back to local communities. You’ll be part of a supportive and collaborative workforce with access to training and tools to grow your potential.