We are looking for an engineer who brings fresh ideas from all areas including distributed computing at scale, data retrieval and persistence, UI design, mobile, security, artificial intelligence, machine learning, natural language processing, and so on.
We need our security engineer to be versatile, data-driven, displaying leadership qualities and being enthusiastic to tackle problems across the full-stack as we continue to push boundaries and advance our platforms.
This role is responsible for full stack security engineering activities and helping ensure that security is “built into” the organization’s core consumer applications and platforms throughout the application and capability lifecycle.
This role supports critical security activities between our security division and core business delivery teams; and will participate in agile/DevOps project work streams as a security SME representing and engineering security solutions.
This role will also analyze, design, propose and help deliver modernized technology solutions that are appropriate for next generation banking applications.
The Full Stack Security Engineer maintains current knowledge of modernized computing paradigms, automation/orchestration frameworks, virtualization platforms, security threats and recommends security enhancements and purchases that allow Citizens Bank to deliver the most secure and robust digital applications deployed within the organization and within the cloud.
Primary responsibilities include:
+ Gaining a comprehensive understanding of the company’s overall digital technology and information systems and capabilities.
+ Participating in Agile meetings and timely delivery of project-related artifacts.
+ Working on significant and unique security issues where analysis of situations or data requires an evaluation of intangibles. Candidate should exercise independent judgment in methods, techniques and evaluation criteria for obtaining risk reduction objectives.
+ Supporting delivery of secure, architecturally sound components, tools, and applications.
+ Infusing Quality of Service characteristics (scalability, manageability, maintainability, etc.) into distributed service-based framework to create or expand business or technical capabilities.
+ Supporting automated and security testing of distributed components and environments
+ Collaborating with peers and other technology teams to raise or exceed the bar in terms of building security natively into applications.
+ Remaining current with technological and security innovations to provide direction for operational efficiency and future products.
+ Deployment and security configuration of complex applications throughout the project and secure software development lifecycle. Project delivery work may include delivery of AWS solutions, CI/CD tool sets, automation/orchestration platforms, micro-services, cryptographic safeguards, J2E platform software, and deployment of software artifacts, web server setup and configuration, coordination of network and database connectivity.
+ Securing integration of internally developed components (API's, web services, broker services, MQ and Data Power artifacts).
+ Remediation of vulnerabilities, close coordination with project testing teams for performance analysis, creation of documentation, and knowledge transfer to support staff.
+ Researching and evaluating proposed security and business solutions for adherence to documented company standards, policies and regulatory responsibilities.
+ Acting as a security SME with regards to strengths and weaknesses of the security capabilities systems and being able to recommend improvements to both software and hardware.
+ Assessing emerging security technologies against security architecture standards to determine where they fill gaps, overlap with existing solutions or extend capabilities.
While our preference would be to have a chosen candidate with onsite capabilities in our Nashville, TN offices – we are open to remote employment within the United States for an experienced candidate.
+ 8 or more years of systems/platform security engineering experience
+ 5 or more years of experience with Java, Go, Python, Ruby or other object oriented languages and software development environments
+ 3 or more years of experience in Continuous Integration, build management and automated deployments, TravisCI, Jenkins, or GitlabCI
+ End to end understanding of the secure software development lifecycle (SSDLC) and DevOps/DevSecOps process integration.
+ Knowledge of Integration Brokers like Zuul and Rabbit MQ is a strong plus, as is understanding of JIRA, Nexus, Subversion, Rapid Deploy and shell scripting.
+ Experience with Open Source Application stacks like Nginx and NodeJS.
+ Familiarity with security industry and regulatory standards (ISO 17799, ISO 27001/2, ISO 31000, NIST 800 series, PCI, SOX, GLBA. etc.)
+ Demonstrated experience with cloud-based solutions. This should include administration, architecture, and security of web services.
+ Candidate should have an understanding of APIs, methods of automated deployment, and API security management in a corporate setting.
+ Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
+ Influencing experience at senior levels within an organization
+ Excellent verbal and written communication skills
+ Knowledge of ISO and NIST security standards preferred
Education, Certifications and/or Other Professional Credentials:
+ Bachelor's degree required ( Degree in Computer Science or Computer Engineering preferred)
+ CISSP or other relevant industry certifications (TOGAF, ITIL).
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday - Friday 8:30AM - 5:00PM
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Equal Employment Opportunity
It is the policy of Citizens Bank to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, ethnicity, religion, gender, pregnancy/childbirth, age, national origin, sexual orientation, gender identity or expression, disability or perceived disability, genetic information, citizenship, veteran or military status, marital or domestic partner status, or any other category protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer/Disabled/Veteran
Citizens Bank is a brand name of Citizens Bank, N.A. and each of its respective subsidiaries.