Cyber Defense Principal Application Security Engineer

Location: Johnston, RI (02919)
Company: Citizens
Industry: IT
Job Type: Full Time
Posted: 4 days ago


In this role, you will be part of a smart and collaborative team working to identify, interpret, and help drive vulnerability remediation in enterprise applications. Specifically, you will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit, and business teams.

This role is technical and requires proficiency with state-of-the-art application vulnerability scanning tools. You will support critical efforts within the environment to improve the application security profile of the organization, so you must possess a passion for finding and fixing application vulnerabilities.

Responsibilities (but will not be limited to):

  • Hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, IAST, SCA)
  • Automating application security solutions across the enterprise
  • Innovative thinking and ideas to drive continuous improvement across Attack Surface Management
  • Monitoring and responding to Open-Source Software weaknesses and exposures
  • Review and coordinate changes to cyber security policies, procedures, and standards
  • Self-audit our application security program to instill continuous improvement
  • Guiding development teams in best practices across all stages of the SDLC process
  • Evangelizing and driving Application Security inside the company
  • Building a very close working relationship with application development and QA teams
  • Developing and updating security patterns aligned with security requirements
  • Creating, producing and maintaining metrics associated with the application security program
  • Good time management skills and the ability to commit and adhere to time-sensitive deliverables
  • Advising and educating development teams in best practices across all stages of the SDLC
  • Developing and updating security patterns & user stories aligned with security requirements


Required Skills and Experience:

  • Knowledge and understanding of the OWASP top 10 and OWASP ASVS
  • 5 or more years of strong applicable security or development experience
  • Hands-on experience operating in Agile/DevSecOps-oriented environments
  • Experience implementing and supporting application security tools in automated build pipelines
  • Demonstrable experience with application security testing techniques such as automated static (SAST), dynamic (DAST) and interactive (IAST) testing, Source Composition Analysis (SCA), API scanning, serverless scanning, etc.
  • Highly proficient in at least one major scripting/programming language (Python, Java, Node, Go, etc.)
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats

Preferred Skills:

  • Application development background
  • Manual security testing and analysis of web applications, APIs, and mobile applications
  • Experience working with Groovy
  • Threat modeling and/or participation in secure design or architecture reviews
  • Experience working with and implementing IAST/RASP technologies

Education and Certifications:

  • Bachelor's degree preferred
  • Security-related certifications such as OSCP, OSWE, CSSLP, GWAPT, GWEB, CEH preferred

Hours & Work Schedule:

  • Hours per Week: 40
  • Work Schedule: Monday through Friday

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability or perceived disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer/Disabled/Veteran

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.

Web Reference : AJF/416829603-202
Posted Date : Fri, 23 Sep 2022
