Citizens
Description
Senior Vulnerability Specialist
Location: Phoenix, AZ; Johnston, RI; Westwood, MA; Iselin, NJ; Plano, TX
Work Arrangement: Hybrid (4 days onsite, 1 day remote)
Schedule: Monday through Friday, 40 hours per week
Job Summary:
We are seeking a motivated, detail-oriented, and customer-focused professional to join our Cyber Defense - Infrastructure Vulnerability Management Team. This role is responsible for performing vulnerability and compliance scanning and analysis to assess the enterprise vulnerability posture and reduce the attack surface. You will work closely with business lines and infrastructure teams to identify, track, and remediate vulnerabilities and compliance deviations on systems that store, process, or display Citizens' data.
Key Responsibilities:
Continuously improve processes to deliver a best-in-class vulnerability management program
Communicate security issues to technical teams, executives, risk groups, vendors, and regulators
Maintain deep knowledge of current threats, vulnerabilities, attacks, and countermeasures
Provide training to team members on emerging threats and mitigation strategies
Develop meaningful metrics to reflect the true security posture of the environment
Enhance the maturity of the Vulnerability Management Program through technology, policy, and stakeholder engagement
Required Experience and Skills:
Minimum 5 years of progressive experience in the security industry
1 to 2 years of experience with QualysGuard (VM, PC, CloudView, AssetView, Cloud Agent, API) preferred
Experience with other vulnerability management tools (Tenable, Rapid7) acceptable with expectation to become a Qualys expert within 3 to 6 months
Strong understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP, and related standards
Experience developing automation scripts or applications in Python, PowerShell, Java, C/C++, Go, or similar
Expertise in at least one operating system (Windows, UNIX, Linux, AIX) with a focus on vulnerability assessment and hardening
Knowledge of security hardening, configuration management, change control, and security baselines (CIS, NIST, vendor STIGs)
Practical knowledge of securing cloud environments (AWS, Azure)
Basic understanding of networking fundamentals
Proven ability to build and maintain relationships with stakeholders and business partners
Self-motivated and able to work independently
Experience with manual testing and OWASP Top 10
Familiarity with tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus
Preferred Education and Certifications:
Bachelor's degree or equivalent experience
One or more relevant certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GSNA, LPT, Security+, CISSP, CISM, CISA)
Compensation:
Salary range: $120,000 to $140,000 annually
Eligible for annual discretionary bonus
Actual compensation based on location, skills, and experience
Benefits:
Comprehensive medical, dental, and vision coverage
Retirement benefits
Paid maternity and paternity leave
Flexible work arrangements
Education reimbursement
Wellness programs
Paid time off exceeding local and state requirements
For more information on our benefits, visit: https://jobs.citizensbank.com/benefits
#LI-Citizens1
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
Senior Vulnerability Specialist
Location: Phoenix, AZ; Johnston, RI; Westwood, MA; Iselin, NJ; Plano, TX
Work Arrangement: Hybrid (4 days onsite, 1 day remote)
Schedule: Monday through Friday, 40 hours per week
Job Summary:
We are seeking a motivated, detail-oriented, and customer-focused professional to join our Cyber Defense - Infrastructure Vulnerability Management Team. This role is responsible for performing vulnerability and compliance scanning and analysis to assess the enterprise vulnerability posture and reduce the attack surface. You will work closely with business lines and infrastructure teams to identify, track, and remediate vulnerabilities and compliance deviations on systems that store, process, or display Citizens' data.
Key Responsibilities:
Continuously improve processes to deliver a best-in-class vulnerability management program
Communicate security issues to technical teams, executives, risk groups, vendors, and regulators
Maintain deep knowledge of current threats, vulnerabilities, attacks, and countermeasures
Provide training to team members on emerging threats and mitigation strategies
Develop meaningful metrics to reflect the true security posture of the environment
Enhance the maturity of the Vulnerability Management Program through technology, policy, and stakeholder engagement
Required Experience and Skills:
Minimum 5 years of progressive experience in the security industry
1 to 2 years of experience with QualysGuard (VM, PC, CloudView, AssetView, Cloud Agent, API) preferred
Experience with other vulnerability management tools (Tenable, Rapid7) acceptable with expectation to become a Qualys expert within 3 to 6 months
Strong understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP, and related standards
Experience developing automation scripts or applications in Python, PowerShell, Java, C/C++, Go, or similar
Expertise in at least one operating system (Windows, UNIX, Linux, AIX) with a focus on vulnerability assessment and hardening
Knowledge of security hardening, configuration management, change control, and security baselines (CIS, NIST, vendor STIGs)
Practical knowledge of securing cloud environments (AWS, Azure)
Basic understanding of networking fundamentals
Proven ability to build and maintain relationships with stakeholders and business partners
Self-motivated and able to work independently
Experience with manual testing and OWASP Top 10
Familiarity with tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus
Preferred Education and Certifications:
Bachelor's degree or equivalent experience
One or more relevant certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GSNA, LPT, Security+, CISSP, CISM, CISA)
Compensation:
Salary range: $120,000 to $140,000 annually
Eligible for annual discretionary bonus
Actual compensation based on location, skills, and experience
Benefits:
Comprehensive medical, dental, and vision coverage
Retirement benefits
Paid maternity and paternity leave
Flexible work arrangements
Education reimbursement
Wellness programs
Paid time off exceeding local and state requirements
For more information on our benefits, visit: https://jobs.citizensbank.com/benefits
#LI-Citizens1
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.