Senior Infrastructure Security Engineer

DescriptionIn this role, you will be a hands on senior individual contributor role on the Cyber Defense – Infrastructure Vulnerability Management Team, responsible for performing vulnerability and compliance scanning and analysis to aid Citizens in assessing the enterprise vulnerability posture and reducing the attack surface. This job can be done remotely anywhere in the US. Working closely with business lines and infrastructure teams, you will directly contributes to the effort to identify, track, and remediate the open vulnerabilities (technical vulnerabilities or build compliance deviations) on systems that store, process, or display Citizens data. You will understand technology operations as well as security operations and will have a keen understanding of the concept of mitigating and compensating controls. Responsibilities (but not limited to): Working across development teams within an Agile development environment using standard collaboration tools such as the Atlassian tool suite

Hands-on code/script development experience with distributed version control systems such as Git

Communicating security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators

Maintaining a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items

Developing meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk

Improving the capabilities and maturity of the Citizens Vulnerability Management Program by identifying appropriate technologies, policies, communication channels, organizational structures and relationships with third parties

QualificationsThis job can be done remotely anywhere in the US. Required Experience and Skills: 5 years of progressive security industry experience

1-2 years of experience with with QualysGuard Vulnerability Scanner including its API, Vulnerability Management (VM), Policy Compliance (PC), CloudView, AssetView, Cloud Agent, and other modules highly preferred

1-2 years of experience with other vulnerability management solutions such as Tenable, Rapid7, and others is acceptable with the understanding that you will be expected to be a domain expert with this Qualys in 3-6 months.

Recall level of understanding of CVSS, CVE, CWE, CPE, CCE, CWE, OVAL, SCAP and other standards

Experience developing applications, automation scripts, or other solutions in at least one modern language (Python, JavaScript, Powershell, Java, C/C, Go, etc)

Proficient understanding of various operating systems (Window, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening. Subject matter expertise in at least one of the operating systems is required

Practical knowledge of security hardening, configuration management, change control/problem management, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)

Practical knowledge of Cloud (AWS, Azure, etc.) and how to secure them

Associate level knowledge of networking fundamentals

Experience fostering and maintaining relationships with key stakeholders and business partners

Ability to demonstrate manual testing experience including all of OWASP Top 10

Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP is a plus

Education and Certifications:

One or more relevant security certifications (LPT, OSCP, GWAPT, GWEB, GCIA, GSNA, GCIH, CISSP, CISM, CISA, CEH, GIAC, GPEN, GCED, Security +)

Bachelor’s Degree or equivalent combination of experience

Hours and Work ScheduleHours per Week: 40 Work Schedule: Monday through Friday This position is not available in Colorado Why Work for UsAt Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.Equal Employment OpportunityCitizens, its parent, subsidiaries, and related companies provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability or perceived disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.Equal Employment and Opportunity Employer/Disabled/VeteranCitizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.