Manager Vulnerability Management

Join to apply for the Manager Vulnerability Management role at Citizens
.

Hybrid work arrangement required: 4 days on-site, 1 remote in one of our organizational hubs including:
Johnston, RI;
Phoenix, AZ;
Westwood OR;
Medford, MA;
Plano, TX;
Iselin, NJ;
Pittsburgh, PA;
Franklin, TN;
Cleveland OR;
Columbus, OH;
Chicago, IL.

We are currently seeking a highly motivated, detail oriented, and customer focused individual to play a key role on the team. In this role on the Cyber Defense – Infrastructure Vulnerability Management Team, you will be responsible for performing vulnerability and compliance scanning and analysis to aid Citizens in assessing the enterprise vulnerability posture and reducing the attack surface.

Working closely with business lines and infrastructure teams, you will directly contribute to the effort to identify, track, and remediate the open vulnerabilities on systems that store, process, or display Citizen’s data. This role requires understanding technology operations as well as security operations, with a keen understanding of mitigating and compensating controls.

• Actively look for ways to improve processes around the program to provide a best of breed, world class service
• Communicate security issues to a wide variety of internal and external customers, including technical teams, executives, risk groups, vendors and regulators
• Maintain a deep understanding of current threat, vulnerabilities, attacks, countermeasures and how to respond effectively to them while providing training to the rest of the team on these items
• Develop meaningful metrics to reflect the true posture of the environment, allowing the organization to make educated decisions based on risk
• Improve the capabilities and maturity of the Citizens Vulnerability Management Program by identifying appropriate technologies, policies, communication channels, organizational structures and relationships with third parties

• 8+ years of progressive security industry experience, including 2+ years in a leadership or management role
• 5 years of progressive security industry experience
• 1-2 years of experience with Qualys Guard Vulnerability Scanner including its API, Vulnerability Management (VM), Policy Compliance (PC), Cloud View, Asset View, Cloud Agent, and other modules (highly preferred)
• 1-2 years of experience with other vulnerability management solutions such as Tenable, Rapid7, and others acceptable with expectation to become a domain expert with Qualys in 3-6 months
• Recall level understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP and other standards
• Experience developing applications, automation scripts, or other solutions in at least one modern language (Python, Powershell, Java, C/C++, Go, etc)
• Expert understanding of operating systems (Windows, UNIX, Linux, AIX, etc.) with emphasis on vulnerability assessment and hardening; subject matter expertise in at least one OS is required
• Practical knowledge of security hardening, configuration management, change control/problem management, exception management, and security baselines (e.g., CIS Baselines, NIST, vendor security technical implementation guides)
• Practical knowledge of Cloud (AWS, Azure, etc.) and how to secure them
• Associate level knowledge of networking fundamentals
• Experience fostering and maintaining relationships with key stakeholders and business partners
• Self‑motivation with the ability to work under minimal supervision
• Ability to demonstrate manual testing experience including all of OWASP Top 10
• Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, App Scan, Web Inspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider, ZAP Proxy, IronWASP (plus)

• One or more relevant security certifications (GEVA, GCIH, GCIA, OSCP, GPEN, GXPN, GWAPT, GWEB, GCIA, GSNA, LPT, Security+, CISSP, CISM, CISA)
• Bachelor’s Degree or equivalent combination of experience

Mon–Fri, 40 hours per week.

The salary range for this position is…