Description
Senior Vulnerability Specialist
Location: Phoenix, AZ; Johnston, RI; Westwood, MA; Iselin, NJ; Plano, TX
Work Arrangement: Hybrid (4 days onsite, 1 day remote)
Schedule: Monday through Friday, 40 hours per week
Job Summary:
We are seeking a motivated, detail-oriented, and customer-focused professional to join our Cyber Defense – Infrastructure Vulnerability Management Team. This role is responsible for performing vulnerability and compliance scanning and analysis to assess the enterprise vulnerability posture and reduce the attack surface. You will work closely with business lines and infrastructure teams to identify, track, and remediate vulnerabilities and compliance deviations on systems that store, process, or display Citizens’ data.
Key Responsibilities:
Continuously improve processes to deliver a best-in-class vulnerability management programCommunicate security issues to technical teams, executives, risk groups, vendors, and regulatorsMaintain deep knowledge of current threats, vulnerabilities, attacks, and countermeasuresProvide training to team members on emerging threats and mitigation strategiesDevelop meaningful metrics to reflect the true security posture of the environmentEnhance the maturity of the Vulnerability Management Program through technology, policy, and stakeholder engagementRequired Experience and Skills:
Minimum 5 years of progressive experience in the security industry1 to 2 years of experience with QualysGuard (VM, PC, CloudView, AssetView, Cloud Agent, API) preferredExperience with other vulnerability management tools (Tenable, Rapid7) acceptable with expectation to become a Qualys expert within 3 to 6 monthsStrong understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP, and related standardsExperience developing automation scripts or applications in Python, PowerShell, Java, C/C++, Go, or similarExpertise in at least one operating system (Windows, UNIX, Linux, AIX) with a focus on vulnerability assessment and hardeningKnowledge of security hardening, configuration management, change control, and security baselines (CIS, NIST, vendor STIGs)Practical knowledge of securing cloud environments (AWS, Azure)Basic understanding of networking fundamentalsProven ability to build and maintain relationships with stakeholders and business partnersSelf-motivated and able to work independentlyExperience with manual testing and OWASP Top 10Familiarity with tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plusPreferred Education and Certifications:
Bachelor’s degree or equivalent experienceOne or more relevant certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GSNA, LPT, Security+, CISSP, CISM, CISA)Compensation:
Salary range: $120,000 to $140,000 annuallyEligible for annual discretionary bonusActual compensation based on location, skills, and experienceBenefits:
Comprehensive medical, dental, and vision coverageRetirement benefitsPaid maternity and paternity leaveFlexible work arrangementsEducation reimbursementWellness programsPaid time off exceeding local and state requirementsFor more information on our benefits, visit: https://jobs.citizensbank.com/benefits
#LI-Citizens1
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.