Cyber Defense Senior Application Security Specialist

Location: Johnston, Rhode Island

Req. Number: 201108

Category: IT, Corporate Security, Digital Technology, Corporate

Full/Part Time: F

Shift: 1st Shift


This position will be part of a smart and collaborative team working to identify, interpret and help drive vulnerability remediation in enterprise applications.

In this role you will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit and business teams. This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools. You will also support critical efforts within the environment to improve the application security profile of the organization.

You must possess a passion for finding and fixing application vulnerabilities, and think analytically with the ability to learn fast in order to hit the ground running with whatever task is thrown at you.

Additional responsibilities will be to: 

  • Provide hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, & IAST)

  • Create, produce and maintain metrics associated with the application security program

  • Review and coordinate changes to cyber security policies, procedures, and standards

  • Self-audit our application security program in an effort to instill continuous improvement

  • Guide development teams in best practices across all stages of the SDLC process

  • Monitor and respond to Open Source Software weaknesses and exposures

  • Evangelize and drive Application Security inside the company

  • Build a very close working relationship with application development and QA teams

  • Develop and update security patterns aligned with security requirements

Location is not a barrier for this role. While our preference would be a candidate with onsite capabilities in one of our corporate headquarters, we are open to remote employment within the United States for an experienced candidate.


Required Skills and Experience: 

  • A minimum of 5 years of strong applicable security or development experience

  • Strong presentation and communication skills (written and oral)

  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical

  • Proven hands-on experience with application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools

  • Strong experience with manual testing of web applications, APIs, and mobile applications

  • Ability to write scripts in languages such as Python, BASH, or PowerShell for automation

  • Solid understanding of secure SDLC principles

  • Experience with architecture reviews of software solutions is a plus

  • Hands-on experience with Agile, DevOps and DevSecOps methodologies is a plus

  • Understanding and knowledge of the OWASP top 10

  • Application development background is a plus 

Education, Certifications and/or Other Professional Credentials: 

  • Bachelor’s degree preferred

  • Security-related certifications such as CSSLP, GWAPT, GWEB, CEH preferred

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

Equal Employment Opportunity

It is the policy of Citizens Bank to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer/Disabled/Veteran

Citizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries.