More jobs:
Principal Penetration Tester
Job in
Johnston, Providence County, Rhode Island, 02919, USA
Listed on 2026-06-03
Listing for:
Citizens Financial Group, Inc.
Full Time
position Listed on 2026-06-03
Job specializations:
-
IT/Tech
Cybersecurity, Data Security, Information Security
Job Description & How to Apply Below
Principal Penetration Tester
Locations:
This role will require an on-site hybrid work schedule in one of our primary organizational hubs including:
Johnston, RI - Pittsburgh, PA - Phoenix, AZ - Westwood or Medford, MA - Plano, TX - Iselin, NJ - Franklin, TN
Role Summary
The Principal Penetration Tester is responsible for strengthening internal security assurance across enterprise technology environments through independent, compliance focused security testing. This role evaluates the design and operating effectiveness of security controls, identifies gaps against regulatory, policy, and risk requirements, and supports audit and regulatory readiness. The position also plays a key role in building and maturing a centralized internal security testing capability with defensible, repeatable outcomes.
Position Overview
This role is centered on internal security and compliance testing, with emphasis on assessing control effectiveness, validating controls through realistic threat scenarios, and producing clear, audit ready results that inform leadership decisions and remediation priorities.
Key Responsibilities
* Plan, execute, and analyze regulatory and internal security testing across applications, cloud platforms, infrastructure, and endpoint environments
* Evaluate security control effectiveness using threat informed methodologies that consider adversary behavior, attack techniques, and architectural context
* Perform scenario based testing to validate controls under realistic operating conditions
* Analyze findings and deliver clear, actionable reporting aligned to business and risk impact
* Partner with technology owners to support remediation planning and validation testing
* Coordinate with internal and external testing teams to manage execution risks and dependencies
* Support internal audit and regulatory examinations by providing testing results, evidence, and assessments
* Partner with leadership to build, formalize, and mature a centralized internal security testing program and governance model
* Mentor and provide technical guidance to other security testing resources
* Contribute to metrics, dashboards, and reporting that demonstrate control maturity and risk reduction
* Identify opportunities to improve efficiency through automation of testing and evidence collection
Required Experience and Skills
* 10+ years of cybersecurity experience with strong focus on security control testing, assurance, or risk based security assessments
* Proven experience evaluating security controls across cloud, application, network, and infrastructure environments
* Strong working knowledge of security frameworks and standards such as NIST, ISO, CIS, OWASP, CVSS, and internal risk models
* Experience supporting internal audit activities, regulatory examinations, or compliance programs
* Demonstrated ability to design defensible test plans, evaluate evidence, and assess control design and operating effectiveness
* Strong written communication skills with experience producing audit ready documentation and executive level reporting
* Ability to collaborate and influence across engineering, risk, audit, and compliance stakeholders
Preferred Experience
* Experience in highly regulated enterprise environments such as financial services
* Familiarity with secure development practices and Dev Sec Ops control validation
* Experience automating security testing or evidence collection using scripting or security tooling
Education and Certifications
* Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field
* Preferred certifications include GPEN, CISSP, CISA, OSCP, or equivalent
Pay Transparency
The salary range for this position is $150,000-$170,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit
#LI-Citizens1
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence,…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×