Citizens Financial Group, Inc.

Citizens Financial Group, Inc., Johnston, Rhode Island, US, 02919

Senior Vulnerability Specialist

Location: Phoenix, AZ; Johnston, RI; Westwood, MA; Iselin, NJ; Plano, TX
Work Arrangement: Hybrid (4 days onsite, 1 day remote)
Schedule: Monday through Friday, 40 hours per week

Job Summary

We are seeking a motivated, detail-oriented, and customer-focused professional to join our Cyber Defense Infrastructure Vulnerability Management Team. This role is responsible for performing vulnerability and compliance scanning and analysis to assess the enterprise vulnerability posture and reduce the attack surface. You will work closely with business lines and infrastructure teams to identify, track, and remediate vulnerabilities and compliance deviations on systems that store, process, or display Citizens' data.

Key Responsibilities

Continuously improve processes to deliver a best-in-class vulnerability management program
Communicate security issues to technical teams, executives, risk groups, vendors, and regulators
Maintain deep knowledge of current threats, vulnerabilities, attacks, and countermeasures
Provide training to team members on emerging threats and mitigation strategies
Develop meaningful metrics to reflect the true security posture of the environment
Enhance the maturity of the Vulnerability Management Program through technology, policy, and stakeholder engagement

Required Experience and Skills

Minimum 5 years of progressive experience in the security industry
1 to 2 years of experience with QualysGuard (VM, PC, CloudView, AssetView, Cloud Agent, API) preferred
Experience with other vulnerability management tools (Tenable, Rapid7) acceptable with expectation to become a Qualys expert within 3 to 6 months
Strong understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP, and related standards
Experience developing automation scripts or applications in Python, PowerShell, Java, C/C++, Go, or similar
Expertise in at least one operating system (Windows, UNIX, Linux, AIX) with a focus on vulnerability assessment and hardening
Knowledge of security hardening, configuration management, change control, and security baselines (CIS, NIST, vendor STIGs)
Practical knowledge of securing cloud environments (AWS, Azure)
Basic understanding of networking fundamentals
Proven ability to build and maintain relationships with stakeholders and business partners
Self-motivated and able to work independently
Experience with manual testing and OWASP Top 10
Familiarity with tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus

Preferred Education and Certifications

Bachelor's degree or equivalent experience
One or more relevant certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GSNA, LPT, Security+, CISSP, CISM, CISA)

Compensation

Salary range: $120,000 to $140,000 annually
Eligible for annual discretionary bonus
Actual compensation based on location, skills, and experience

Benefits

Comprehensive medical, dental, and vision coverage
Retirement benefits
Paid maternity and paternity leave
Flexible work arrangements
Education reimbursement
Wellness programs
Paid time off exceeding local and state requirements

For more information on our benefits, visit: https://jobs.citizensbank.com/benefits