The successful applicant will be responsible for participating in the coordination and presentation of vulnerability reviews to development, risk, audit and business teams. This role is hands on and technical.� You will be the Subject Matter Expert (SME) within the team for all matters Cloud and Container Security respective to Vulnerability & Attack Surface Management.
Primary responsibilities include:
- Managing, maintaining, and supporting our Container Security Vulnerability tool(s) to include managing the output and working hands on with the DevOps and Infrastructure teams to drive remediation
- Supporting the building, production and maintenance of metrics associated with the container security program
- Guiding development teams in best practices across all stages of the SDLC
- Monitoring and responding to Open Source Software weaknesses and exposures
- Evangelizing and driving Cyber Security inside the company
- Building a very close working relationship with DevOps, cloud engineering, application development and QA teams.
- Performing research and develop whitepapers/presentations/etc. regarding application security
- Developing and updating security patterns & user stories aligned with security requirements
Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters � we are open to remote employment within the United States for an experienced candidate.
- 5 years of strong applicable security experience
- Solid understanding of Cloud platforms such as AWS, Azure, and GCP
- Experience with container orchestration technologies such as Docker, Kubernetes, Mesos , Openshift
- Hands-on experience with Agile, DevOps and DevSecOps methodologies is a plus
- Assist in developing an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions
- Understanding of Infrastructure as Code
- Experience moving to a DevOps / DevSecOps environment
- Experience with agile development and CI/CD pipelines
- Experience with container / orchestration tools
- Knowledge of CloudFormation / Terraform
- Hands on experience AWS / Windows / Linux Security
- Highly proficient in at least one major scripting / programming language (Python, Ruby, Node, Java, R, Go�) Proficient in shell scripting (Bash, PowerShell�)
- Deep understanding of container security tools, and experience with products such as Aqua, Twistlock, Qualys Container Security, Layered Insight
- Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
Education, Certifications and/or Other Professional Credentials:
- Bachelor�s degree preferred
- Security related certifications such as CSSLP, GWAPT, GWEB, GPEN, CEH, CCSK, CCSP preferred
Hours & Work Schedule
Hours per Week:� 40
Work Schedule: Monday-Friday 8:00AM - 5:00PM
Why Work for UsAt Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens Bank to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.Equal Employment and Opportunity Employer/Disabled/VeteranCitizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries.