"Alerted.org

Description

Senior Vulnerability Specialist

Work Arrangement: Hybrid (4 days onsite, 1 day remote)

Schedule: Monday through Friday, 40 hours per week

Job Summary:

We are seeking a motivated, detail-oriented, and customer-focused professional to join our Cyber Defense – Infrastructure Vulnerability Management Team. This role is responsible for performing vulnerability and compliance scanning and analysis to assess the enterprise vulnerability posture and reduce the attack surface. You will work closely with business lines and infrastructure teams to identify, track, and remediate vulnerabilities and compliance deviations on systems that store, process, or display Citizens’ data.

Key Responsibilities:

+ Continuously improve processes to deliver a best-in-class vulnerability management program

+ Communicate security issues to technical teams, executives, risk groups, vendors, and regulators

+ Maintain deep knowledge of current threats, vulnerabilities, attacks, and countermeasures

+ Provide training to team members on emerging threats and mitigation strategies

+ Develop meaningful metrics to reflect the true security posture of the environment

+ Enhance the maturity of the Vulnerability Management Program through technology, policy, and stakeholder engagement

Required Experience and Skills:

+ Minimum 5 years of progressive experience in the security industry

+ 1 to 2 years of experience with QualysGuard (VM, PC, CloudView, AssetView, Cloud Agent, API) preferred

+ Experience with other vulnerability management tools (Tenable, Rapid7) acceptable with expectation to become a Qualys expert within 3 to 6 months

+ Strong understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP, and related standards

+ Experience developing automation scripts or applications in Python, PowerShell, Java, C/C++, Go, or similar

+ Expertise in at least one operating system (Windows, UNIX, Linux, AIX) with a focus on vulnerability assessment and hardening

+ Knowledge of security hardening, configuration management, change control, and security baselines (CIS, NIST, vendor STIGs)

+ Practical knowledge of securing cloud environments (AWS, Azure)

+ Basic understanding of networking fundamentals

+ Proven ability to build and maintain relationships with stakeholders and business partners

+ Self-motivated and able to work independently

+ Experience with manual testing and OWASP Top 10

+ Familiarity with tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus

Preferred Education and Certifications:

+ Bachelor’s degree or equivalent experience

+ One or more relevant certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GSNA, LPT, Security+, CISSP, CISM, CISA)

Compensation:

+ Salary range: $120,000 to $140,000 annually

+ Eligible for annual discretionary bonus

+ Actual compensation based on location, skills, and experience

Benefits:

+ Comprehensive medical, dental, and vision coverage

+ Retirement benefits

+ Paid maternity and paternity leave

+ Flexible work arrangements

+ Education reimbursement

+ Wellness programs

+ Paid time off exceeding local and state requirements

For more information on our benefits, visit: https://jobs.citizensbank.com/benefits

#LI-Citizens1

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.