Job ID/ Req. Number184370
We are currently seeking a highly motivated, detail oriented, and customer focused individual to play a key hands-on role on the Cyber Defense team. This role requires a high degree of technical security expertise with static/dynamic code scanning tools, software threat modeling, and modern cloud development and delivery platforms (i.e. AWS). The selected candidate will be responsible for progressing Security Capabilities within DevOps, including automated security testing, continuous integration, and automated build deployments.
As a member of a high-performing security team, this individual will directly work with development teams and act as a security subject matter expert (SME). The selected candidate must be passionate about their trade and have a high degree of ethics, ownership, and motivation.
Responsibilities include (but not limited to):
- Developing and deploying the right automated solutions that inject security activities, at the right time/depth, into the CI/CD pipelines during builds, testing and deployment.
- Optimizing security-related rules/configurations for effectiveness and to reduce false positives.
- Serving as a security expert in application development, cloud, database, microservice design and container technologies.
- Developing security-related user-stories and software-centric threat models.
- Triaging security issues with development teams and providing guidance on how best to resolve them.
- Leading the day-to-day administration of the CI/CD security infrastructure.
- Maintaining a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items.
- Taking ownership and driving forward the capabilities and maturity of the Secure CI/CD program by identifying appropriate technologies, policies, communication channels, and relationships with internal partners.
- Developing meaningful metrics to enable rapid developer feedback and metrics for business stakeholders and software managers.
Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters – we are open to remote employment within the Eastern United States for an experienced candidate.
Experience and Skills:
- 2 or more years of hand-on experience implementing/maintaining security in CI/CD pipelines, and solid understanding of best practices.
- Experience with designing and automating security tools and processes.
- Experience with distributed cloud architecture and implementations. Specifically AWS services such as EC2, ECS, Lambda, API Gateway, Cloud Front, Cloud Watch.
- 2 or more years of experience with Docker and Docker Compose
- Experience designing and delivering security-driven testing to support agile software development processes (Jira/Confluence/HipChat/Jenkins).
- Experience with tools that do vulnerability scanning, risk based threat analysis, and other security mitigation techniques.
- Experience with one or more of the main stream scripting languages such as Python, Powershell, Bash etc….
- Exposure developing solutions for Web and Mobile applications.
- Knowledge of security technology topics including cloud security, API security, application security, logging & monitoring, infrastructure hardening, and database security.
- Ability to present technical concepts to non-technical audiences.
- Self-motivated with the ability to be adaptable and work under minimal supervision.
- Excellent oral and written communications skills.
Education and Certifications:
- Any recognized security certifications, i.e. CCSP, CCSK, CSSLP, CISSP, CISA, CEH, GIAC, etc…preferred
- Bachelor’s Degree or equivalent combination of experience.
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday through Friday
Why Work with Us
At Citizens, you’ll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Equal Employment and Opportunity Employer/Disabled/Veteran
It is the policy of Citizens Bank and Citizens Securities, Inc. to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.
Equal Opportunity & Affirmative Action Employer Disabled/Veteran
Citizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries, and Citizens Bank of Pennsylvania.