Digital Security EngineerLocation Johnston, Rhode Island Job ID/ Req. Number191672 Category Corporate Security Full/Part Time F Regular/Temporary 1st Shift
The Digital Security Engineer is a key resource within the Corporate Security and Resilience (CS&R) Security Engineering and Architecture (SEA) Digital Security team. The is a subject matter expert (SME) who, through independent project engagements and collaboration with business and technology partners, as well as third party vendors, develops, engineers and documents secure, next generation digital solutions. This includes, but is not limited to, critical technologies and capabilities like consumer banking platforms, commercial banking platforms, middleware platforms, CI/CD platforms, and programmable, API driven orchestration and business-centric platforms.
This role is responsible for security engineering activities and helping ensure that security is “built into” the organization’s core digital applications and platforms throughout the application and capability lifecycle. This role supports critical security activities between CS&R and digital/middleware delivery teams, and will participate in agile/DevOps project work streams as a security SME representing and engineering digital security solutions. This role will also analyze, design, propose, and help deliver modernized technology solutions that are appropriate for next generation banking applications.
The Digital Security Engineer maintains current knowledge of modernized computing paradigms, automation/orchestration frameworks, virtualization platforms, security threats, and recommends security enhancements and purchases that allow Citizens Bank to deliver the most secure and robust digital applications deployed within the organization and within the cloud.
Primary responsibilities include:
- Gaining a comprehensive understanding of the company’s digital technology and information systems and capabilities (Online Banking, Mobile Banking, core Commercial applications).
- Participation in Agile meetings and timely delivery of project-related artifacts.
- Working on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Candidate should exercise independent judgment in methods, techniques and evaluation criteria for obtaining results.
- Deployment and configuration of complex applications throughout the project and secure software development lifecycle. Project delivery work may include delivery of AWS solutions, CI/CD tool sets, automation/orchestration platforms, micro-services, cryptographic safeguards, J2E platform software, and deployment of software artifacts, web server setup and configuration, coordination of network and database connectivity.
- Integration of internally developed components (API's, web services, broker services, MQ and Data Power artifacts).
- Remediation of vulnerabilities, close coordination with project testing teams for performance analysis, creation of documentation, and knowledge transfer to support staff.
- Providing guidance and recommendations related to digital security engineering efforts and lead proof of concept (POC) projects.
- Leading in the development and providing guidance during digital architecture design activities of new and existing applications.
- Researching and evaluating proposed digital security and business solutions for adherence to documented company standards, policies and regulatory responsibilities.
- Acting as the digital security SME with regards to strengths and weaknesses of the security capabilities systems and being able to recommend improvements to both software and hardware.
- Assessing emerging digital security technologies against security architecture standards to determine where they fill gaps, overlap with existing solutions or extend capabilities.
Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters – we are open to remote employment within the United States for an experienced candidate.
- 5 or more years in system security engineering, controls or information management experience and/or Security Engineer/Architect/Consultant
- 8 or more years of systems/platform engineering experience
- Experience with building and maintaining effective relationships with stakeholders, clients, peers, supervisors, subordinates and other internal company staff
- End to end understanding of the secure software development lifecycle (SSDLC) and DevOps/DevSecOps process integration.
- Demonstrated ability to think strategically about business, product and technical challenges.
- Demonstrated experience with cloud-based solutions. This should include administration, architecture, and security of web services. Candidate should have an understanding of APIs, methods of automated deployment, and API management in a corporate setting.
- Experience with Open Source Application stacks like Nginx and NodeJS
- Knowledge of Integration Brokers like Zuul and Rabbit MQ is a strong plus, as is understanding of JIRA, Nexus, Subversion, Rapid Deploy and shell scripting.
- Familiarity with security industry and regulatory standards (ISO 17799, ISO 27001/2, ISO 31000, NIST 800 series, PCI, SOX, GLBA. etc.)
- Experienced with industry standard technologies and database management platforms.
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Demonstrated ability leading programs
- Influencing experience at senior levels within an organization
- Excellent verbal and written communication skills
- Industry experiences in financial services, high-tech, and /or healthcare preferred
Education, Certifications and/or Other Professional Credentials:
- Bachelor's degree ( Degree in Computer Science or Computer Engineering preferred)
- CISSP or other relevant industry certifications (TOGAF, ITIL).
- Knowledge of ISO and NIST security standards preferred
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday 8:00 am-5:00 pm
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens Bank to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer/Disabled/Veteran
Citizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries.