Manager - Offensive Security
Cyber Security
Johnston, Rhode Island; Iselin, New Jersey; Westwood, Massachusetts; Plano, Texas; Charlotte, North Carolina; Phoenix, Arizona; Pittsburgh, Pennsylvania
Description
Locations: This role will require a hybrid work schedule in one of our primary Citizens hubs, including: Johnston, RI - Pittsburgh, PA - Phoenix, AZ - Westwood or Medford, MA - Charlotte, NC - Plano, TX - Iselin, NJ
Position Overview
The Manager - Offensive Security will lead the bank’s offensive security initiatives, including Penetration Testing, Red Teaming, and Purple Team exercises. This role is responsible for building and evolving the bank’s offensive security capabilities to proactively identify risks, validate defenses, and enhance the overall security posture.
The ideal candidate is a hands-on professional with deep expertise in offensive security techniques and tools, as well as a strong understanding of the attack lifecycle, threat modeling, and risk analysis. This individual will also collaborate cross-functionally to communicate offensive security results to regulators, audit, and risk stakeholders.
Key Responsibilities
Offensive Security Strategy:
- Develop and implement a comprehensive offensive security program, including Penetration Testing, Red Teaming, and Purple Team exercises.
- Identify, test, and validate vulnerabilities across infrastructure, applications, and container environments.
- Establish a proactive threat identification strategy aligned with MITRE ATT&CK and the cyber kill chain.
Testing and Validation:
- Coordinate offensive security assessments to uncover gaps in defenses.
- Partner with defensive security and vulnerability management teams to ensure findings are prioritized and remediated.
Building Capabilities:
- Expand internal offensive testing capabilities, including wireless security assessments and advanced penetration testing techniques.
- Implement automated testing tools and integrate offensive testing into agile and DevSecOps pipelines.
Collaboration and Metrics:
- Develop meaningful metrics to measure and communicate offensive security results and trends.
- Liaise with federal regulators, internal and external audit, enterprise risk, compliance, and executives to provide transparency into the bank's security posture.
- Present offensive security findings to both technical and non-technical audiences.
Leadership:
- Manage and mentor a team of penetration testers and offensive security specialists, driving innovation and continuous improvement.
- Serve as the escalation point for all offensive security matters across the bank.
Required Experience and Skills
- 10+ years of cybersecurity experience, with at least 3+ years focused on penetration testing and offensive security.
- Demonstrated expertise in Red Team, Purple Team, and advanced Penetration Testing.
- Hands-on experience with tools like Metasploit, Burp Suite, Nessus, Cobalt Strike, or similar.
- Strong knowledge of offensive testing methodologies, including MITRE ATT&CK, CVE, CWE, and the cyber kill chain.
- Experience building and scaling offensive security programs within large enterprise environments.
- Ability to communicate offensive testing results to technical and non-technical audiences, including executive leadership and regulators.
- Solid understanding of CVSS, CVE, CWE, and security assessment techniques.
Preferred Certifications
- OSCP, OSCE, GPEN, GXPN, LPT, CISSP, or equivalent certifications
Education and Certifications
- A bachelor’s degree in Computer Science, Computer Engineering, or a related discipline
- Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics, or related discipline
Hours & Work Schedule
- Hours per Week: 40
- Work Schedule: M-F
Pay Transparency
The salary range for this position is $175,000 - $205,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
Awards We've Received

Age-Friendly Institute's Certified Age-Friendly Employer

Human Rights Campaign Corporate Equality Index 100 Award

Dave Thomas Foundation’s Best Adoption-Friendly Workplace

Disability:IN Best Places to Work for People with Disabilities

Fair360 Top Regional Company

FORTUNE’s World’s Most Admired Companies

Military Friendly® Employer