Cyber Defense Senior Application Security Specialist
Location: Johnston, Rhode Island
Req. Number: 201108
Category: IT, Corporate Security, Digital Technology, Corporate
Full/Part Time: F
Shift: 1st Shift
This position will be part of a smart and collaborative team working to identify, interpret and help drive vulnerability remediation in enterprise applications.
In this role you will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit and business teams. This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools. You will support critical efforts within the environment to improve the application security profile of the organization.
You must possess a passion for finding and fixing application vulnerabilities, and think analytically with the ability to learn fast in order to hit the ground running with whatever task is thrown at you.
Additional responsibilities will be to:
Provide hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, & IAST)
Create, produce and maintain metrics associated with the application security program
Review and coordinate changes to cyber security policies, procedures, and standards
Self-audit our application security program in an effort to instill continuous improvement
Guide development teams in best practices across all stages of the SDLC process
Monitor and respond to Open Source Software weaknesses and exposures
Evangelize and drive Application Security inside the company
Build a very close working relationship with application development and QA teams
Develop and update security patterns aligned with security requirements
Location is not a barrier for this role. While our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters, we are open to remote employment within the United States for an experienced candidate.
Required Skills and Experience:
A minimum of 5 years of strong applicable security or development experience
Strong presentation and communication skills (written and oral)
Ability to present complex, technical information to a variety of audiences, both technical and non-technical
Proven hands-on experience with application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools.
Strong experience with manual testing of web applications, APIs, and mobile applications.
Ability to write scripts in languages such as Python, BASH, or PowerShell for automation
Solid understanding of secure SDLC principles
Architecture reviews with software solutions is a plus
Hands-on experience with Agile, DevOps and DevSecOps methodologies is a plus
Understanding and knowledge of the OWASP Top 10
Application development background is a plus
Education, Certifications and/or Other Professional Credentials:
Bachelor’s degree preferred
Security-related certifications such as CSSLP, GWAPT, GWEB, CEH preferred
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens Bank to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer/Disabled/Veteran
Citizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries.