• Cyber Defense Application Security Specialist

    Citizens, Providence, RI 02940

    Job #2674800139

  • Description

    The Application Security Specialist will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit, and business teams.

    This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools and will support critical efforts within the environment to improve the application security profile of the organization. You must possess a passion for finding and fixing application vulnerabilities and a desire to stay up to date with CWEs & CVEs in order to effectively convey risks to technical and non-technical audiences.

    Responsibilities include (but are not limited to):

    • Hands-on use of automated tools to perform source code security analysis to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST/DAST/IAST)

    • Supporting the building, production, and maintenance of metrics associated with the application security program

    • Reviewing and coordinating changes to information security policies, procedures, standards, and audit work programs in a continuous improvement model

    • Guiding development teams in best practices across all stages of the SDLC

    • Monitoring and responding to Open-Source Software weaknesses and exposures

    • Performing research and developing presentations, etc., regarding application security

    • Developing and updating security patterns aligned with security requirements

    Required Skills and Experience

    • 2 years of security experience, application security-specific experience preferred

    • Strong presentation and communication skills (written and oral)

    • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats

    • Experience with one or more common programming languages, frameworks, and libraries (VB, Java, .Net, C#, Python, Struts, Spring, Groovy, JSON, ~~~, etc.)

    • Entry-level knowledge of Burp, Kali, Samurai, Metasploit, Cobalt Strike, and other security testing tools

    • Working knowledge of OWASP Top 10, the OWASP Testing Guide, NIST SP 800-115, PTES, OSSTMM, and SANS Top 25 and other application security frameworks

    • Ability to write scripts in languages such as Python (preferred), bash, or PowerShell for automation

    • Basic Linux and/or networking knowledge

    • Proven hands-on experience with application security testing techniques such as fuzzing, penetration testing, and code scanning, ideally with both static (SAST) and dynamic (DAST) tools. IAST knowledge is a plus.

    • Experience with testing web applications, thick clients, APIs, web services, and mobile applications, and performing source code reviews in multiple programming languages

    • Solid understanding of secure SDLC principles

    • Any experience with Agile, DevOps, and DevSecOps methodologies is a plus

    Preferred Education and Certifications

    • Bachelor's degree preferred

    • Security-related certifications such as CSSLP, GWAPT, GWEB, CEH preferred

    Pay Transparency

    The salary range for this position is $79,600 - $91,500 per year. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

    We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ~~~.

    Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

    Equal Employment Opportunity

    At Citizens we value diversity, equity and inclusion, and treat everyone with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

    Equal Employment and Opportunity Employer

    Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.

    Why Work for Us

    At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

    04/29/2024