Citizens Bank

Title: Cloud and Container Cyber Security Specialist



The successful applicant will be responsible for participating in the coordination and presentation of vulnerability reviews to development, risk, audit and business teams. This role is hands-on and technical. You will be the Subject Matter Expert (SME) within the team for all matters Cloud and Container Security respective to Vulnerability & Attack Surface Management.

Primary responsibilities include:

  • Managing, maintaining, and supporting our Container Security Vulnerability tool(s) to include managing the output and working hands-on with the DevOps and Infrastructure teams to drive remediation
  • Supporting the building, production and maintenance of metrics associated with the container security program
  • Guiding development teams in best practices across all stages of the SDLC
  • Monitoring and responding to Open Source Software weaknesses and exposures
  • Evangelizing and driving Cyber Security inside the company
  • Building a very close working relationship with DevOps, cloud engineering, application development, and QA teams.
  • Performing research and develop whitepapers/presentations/etc. regarding application security
  • Developing and updating security patterns & user stories aligned with security requirements

Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters – we are open to remote employment within the United States for an experienced candidate.


Required Skills/Experience:

  • 5 years of strong applicable security experience
  • Solid understanding of Cloud platforms such as AWS, Azure, and GCP
  • Experience with container orchestration technologies such as Docker, Kubernetes, Mesos, Openshift
  • Hands-on experience with Agile, DevOps and DevSecOps methodologies is a plus
  • Assist in developing an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions
  • Understanding of Infrastructure as Code
  • Experience moving to a DevOps / DevSecOps environment
  • Experience with agile development and CI/CD pipelines
  • Experience with container / orchestration tools
  • Knowledge of CloudFormation / Terraform
  • Hands on experience AWS / Windows / Linux Security
  • Highly proficient in at least one major scripting / programming language (Python, Ruby, Node, Java, R, Go…) Proficient in shell scripting (Bash, PowerShell…)
  • Deep understanding of container security tools, and experience with products such as Aqua, Twistlock, Qualys Container Security, Layered Insight
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats

Education, Certifications and/or Other Professional Credentials:

  • Bachelor’s degree required
  • Security related certifications such as CSSLP, GWAPT, GWEB, GPEN, CEH, CCSK, CCSP preferred

Hours & Work Schedule

  • Hours per Week: 40
  • Work Schedule: Monday-Friday 8:00AM – 5:00PM

Job Type: 1st Shift
C: 8.33