Manager Vulnerability Management

Hybrid work arrangement required: 4 days on-site, 1 remote in one of our organizational hubs including: Johnston, RI - Phoenix, AZ - Westwood OR Medford, MA - Plano, TX - Iselin, NJ - Pittsburgh, PA - Franklin, TN - Cleveland OR Columbus, OH - Chicago, IL

We are currently seeking a highly motivated, detail oriented, and customer focused individual to play a key role on the team. In this role on the Cyber Defense – Infrastructure Vulnerability Management Team, you will be responsible for performing vulnerability and compliance scanning and analysis to aid Citizens in assessing the enterprise vulnerability posture and reducing the attack surface.

Working closely with business lines and infrastructure teams, you will directly contribute to the effort to identify, track, and remediate the open vulnerabilities (technical Vulnerabilities or build compliance deviations) on systems that store, process, or display Citizen’s data. In this role, it is critical that you must understand technology operations as well as security operations, with a keen understanding of the concept of mitigating and compensating controls is required.

Responsibilities (but not limited to)

• Actively looking for ways to improve the processes around the program to provide a best of breed, world class service

• Communicating security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators

• Maintaining a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items

• Developing meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk

• Improving the capabilities and maturity of the Citizens Vulnerability Management Program by identifying appropriate technologies, policies, communication channels, organizational structures and relationships with third parties

Required Experience and Skills

• 8+ years of progressive security industry experience, including 2+ years in a leadership or management role.

• 5 years of progressive security industry experience

• 1-2 years of experience with with QualysGuard Vulnerability Scanner including its API, Vulnerability Management (VM), Policy Compliance (PC), CloudView, AssetView, Cloud Agent, and other modules highly preferred

• 1-2 years of experience with other vulnerability management solutions such as Tenable, Rapid7, and others is acceptable with the understanding that you will be expected to be a domain expert with this Qualys in 3-6 months.

• Recall level of understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP and other standards

• Experience developing applications, automation scripts, or other solutions in at least one modern language (Python, Powershell, Java, C/C++, Go, etc)

• Expert understanding of various operating systems (Window, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening. Subject matter expertise in at least one of the operating systems is required

• Practical knowledge of security hardening, configuration management, change control/problem management, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)

• Practical knowledge of Cloud (AWS, Azure, etc.) and how to secure them

• Associate level knowledge of networking fundamentals

• Experience fostering and maintaining relationships with key stakeholders and business partners

• Self-motivation with the ability to work under minimal supervision is a must

• Ability to demonstrate manual testing experience including all of OWASP Top 10

• Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus

Education and Certifications

• One or more relevant security certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GCIA, GSNA, LPT, Security +, CISSP, CISM, CISA)

• Bachelor’s Degree in relevant field 

Hours & Work Schedule

• Hours & Work Schedule: M-F

• Hours per Week: 40

Pay Transparency

The salary range for this position is $175,000-$205,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. 

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

#LI-Citizens1

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Equal Employment and Opportunity Employer

Job Applicant Data Privacy Policy

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.