Citizens Bank Application Security Senior Specialist in Johnston, Rhode Island


This position will be part of a collaborative team working to identify, interpret and help drive vulnerability remediation in enterprise applications.

The successful applicant will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit and business teams. This role will require the applicant to be proficient in the use of state-of-the-art application vulnerability scanning tools and will support critical efforts within the environment to improve the application security profile of the organization. You must possess a passion for finding and fixing application vulnerabilities and for staying up to date on industry trends in order to effectively convey risks to technical and non-technical audiences.

Responsibilities will include (but will not be limited to):

  • Using automated tools to perform source code security analysis to identify vulnerabilities and attack vectors in web applications (SAST & DAST)

  • Supporting the building, production and maintenance of metrics associated with the application security program

  • Reviewing and coordinating changes to information security policies, procedures, standards and audit work programs in a continuous improvement model

  • Guiding development teams in best practices across all stages of the SDLC

  • Monitoring and responding to Open Source Software weaknesses and exposures

  • Evangelizing and driving Application Security inside the company

  • Performing research and developing whitepapers/presentations/etc. regarding application security

  • Developing and updating security patterns aligned with security requirements


Experience and Skills:

  • 3 or more years of applicable security or development experience

  • Experience with one or more common programming languages, frameworks, and libraries (VB, Java, .Net, Ruby, C++, Python, Struts, Spring, Groovy, JSON, Node.js, etc.)

  • Knowledge of vulnerabilities associated with the OWASP Top 10 & SANS Top 25

  • Ability to write scripts in languages such as Python, BASH, or PowerShell for automation

  • Experience with application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools for client-server, web, mobile, and cloud applications

  • Experience with common programming concepts

  • Knowledge of secure SDLC principles

  • Strong presentation & communication skills (written and oral)

  • Understanding of risk management practices with emphasis on risk assessment and interpretation and application of corporate information security policies

  • Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting purposes; some development experience is preferable

Education and Certifications:

  • Bachelor’s degree preferred

  • Security-related certifications such as CSSLP, CISSP, GIAC preferred

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday 8:30AM - 5:00PM