Senior Vulnerability Spec

Description

Citizens Financial Group, Inc. (CFG) seeks a Senior Vulnerability Specialist for its Johnston, RI location.

Duties: Develops and implements application security processes, including identifying application security weaknesses, and developing security strategies. Utilizes automated tools and manual testing techniques to analyze code, identify flaws, vulnerabilities, and attack vectors in web applications (SAST, DAST, & IAST). Guides development teams in best practices across all stages of the SDLC process. Performs regular vulnerability assessments on applications to identify potential weaknesses. Establishes and promotes a secure development framework that includes secure coding standards and guidelines. Integrates security testing tools into automated build and deployment pipelines. Conducts penetration testing to simulate real-world attacks and identify vulnerabilities. Monitors and responds to Open-Source Software weaknesses and exposures. Evaluates and ensure the security of third-party components and services integrated into applications. Establishes security requirements for third-party vendors.

Requirements: Bachelor's degree Information Technology or a related field and three (3) years of experience in the role or in a related position. Full term of experience must include: Utilizing UEBA.UBA, SIEM to detect insider threat theft and sabotage activities; Querying data using SQL for fraud analysis; Utilizing Splunk to create dashboards and alerts; Utilizing Java and Python for coding, scripting, and automation tasks; Utilizing OWASP Top 10 to identify web application vulnerabilities; Utilizing SAST tools, including Fortify and Contrast for code analysis, early detection, and identification of vulnerabilities; Utilizing DAST tools, including ZAP and Qualys for application security testing, identifying vulnerabilities, continuous testing, and prioritizing fixes; Utilizing penetration testing tools and methodologies, including Metasploit, Burp Suite, Nmap, Wireshark, and SQLMap; and Utilizing CI/CD pipelines and automation tools.

May telecommute from any U.S. location.

Direct applicants only.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

At Citizens we value diversity, equity and inclusion, and treat everyone with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.