Cyber Defense Principal Application Security Engineer
Citizens - Johnston, RI
Job Description
Description

In this role, you will be part of a smart and collaborative team working to identify, interpret, and help drive vulnerability remediation in enterprise applications. Specifically, you will be responsible for participating in the coordination and presentation of application vulnerability reviews to development, risk, audit, and business teams. This role is technical and will require you to be proficient in the use of state-of-the-art application vulnerability scanning tools. It will support critical efforts within the environment to improve the application security profile of the organization, so you must possess a passion for finding and fixing application vulnerabilities.

Responsibilities (but will not be limited to):
- Hands-on use of automated tools and manual testing techniques to identify flaws, weaknesses, vulnerabilities and attack vectors in web applications (SAST, DAST, IAST, SCA)
- Automating application security solutions across the enterprise
- Innovative thinking and ideas to drive continuous improvement across Attack Surface Management
- Monitoring and responding to Open-Source Software weaknesses and exposures
- Review and coordinate changes to cyber security policies, procedures, and standards
- Self-audit our application security program to instill continuous improvement
- Guiding development teams in best practices across all stages of the SDLC process
- Evangelizing and driving Application Security inside the company
- Building a very close working relationship with application development and QA teams
- Developing and updating security patterns aligned with security requirements
- Creating, producing and maintaining metrics associated with the application security program
- Good time management skills and the ability to commit and adhere to time-sensitive deliverables
- Advising and educating development teams in best practices across all stages of the SDLC
- Developing and updating security patterns & user stories aligned with security requirements

Qualifications

Required Skills and Experience:
- Knowledge and understanding of the OWASP Top 10 and OWASP ASVS
- 5 or more years of strong applicable security or development experience
- Hands-on experience operating in an Agile/DevSecOps oriented environment
- Experience implementing and supporting application security tools in automated build pipelines
- Demonstrable experience with application security testing techniques such as automated static (SAST), dynamic (DAST), interactive (IAST), Source Composition Analysis (SCA), API scanning, serverless scanning, etc.
- Highly proficient in at least one major scripting / programming language (Python, Java, Node, Go, etc.)
- Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats

Preferred Skills:
- Application development background
- Manual security testing and analysis of web applications, APIs, and mobile applications
- Experience working with Groovy
- Threat modeling and/or participation in secure design or architecture reviews
- Experience working with and implementing IAST / RASP technologies

Education and Certifications:
- Bachelor's degree preferred
- Security related certifications such as OSCP, OSWE, CSSLP, GWAPT, GWEB, CEH preferred

Hours & Work Schedule:
- Hours per Week: 40
- Work Schedule: Monday through Friday

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability or perceived disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer/Disabled/Veteran

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.
Created: 2025-10-04