The Principal Cyber Defense Ops Specialist will be a resident technical expert within the Security Operations Center (SOC). This role is for a senior level individual contributor role on the Cyber Defense – Computer Security Incident Response Team (CSIRT) and will be working closely with the Threat Intelligence, Attack Surface Management, and Detection Engineering teams.

This role will have responsibility for one or more of the security systems aligned with their specific function, either directly or indirectly; and will be a technical authority for critical operational decisions having significant impact to the organization with authority extending beyond the team to include both technology and business line areas in security-related decisions. 

This role will also help mature an existing CSIRT incident response, malware analysis, and advanced threat detection programs.

The individual would be responsible for (but not limited to):

• Conducting network forensics, log analysis, and malware triage in support of incident response investigations
• Utilizing current and future tools to perform hunting for complex insider and outsider threats
• Analyzing vulnerability assessment and penetration testing results to help identify stealthy threats and drive remedial action of critical threats
• Supporting proactive deep malware analysis, and recommending defensive actions to effectively defend against malware related attacks
• Recommend how to optimize security monitoring tools based on threat hunting discoveries
• Facilitating the evaluation, selection and implementation of supporting SOC systems and tools
• Helping develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
• Exercising analytical skills and knowledge of supervision regulations

Experience and Skills:

• 7 or more years of progressive security industry experience
• Demonstrated understanding of various operating systems (Window, Unix, Linux, AIX, etc) with an emphasis on Security Operations
• Hands on experience with:
  • Security Information and Event Management Tools (QRadar, Arcsight, Splunk, etc.)
  • Intrusion Prevention Tools
  • Database Security Tools (Guardium)
  • Data Loss Prevention Tools (Symantec, Websense, etc.)
  • Firewalls (Cisco, Palo Alto, Check Point etc.)
  • Application Security Tools
  • Vulnerability tools
  • Cyber Security Incident Response
  • Network Intrusion Detection Systems (SourceFire, McAfee, etc.)
  • Host Intrusion Detection Systems
  • Packet Capture tools
• Experience with threat taxonomies, models (e.g. MITRE ATT&CK), and Indicators of Compromise (IOCs)
• Experience with one or more scripting language (Bash, Python, Perl, PowerShell, etc.)
• Experience with malware reverse Analyzing and tools such as IDA Pro, OllyDbg, PEID etc.
• Knowledge of Advanced Persistent Threat (APT) actors and associated tools, techniques, and procedures (TTPs)
• Excellent oral and written communications skills 
• Strong analytical and critical thinking skills
• Self-motivation with the ability to work under minimal supervision
• Experience with computer security incident handling, coordination and response
• Knowledge and experience required in the areas of security assessment and vulnerability scanning, risk based threat analysis, and security mitigation techniques 

Education, Certifications and/or Other Professional Credentials:

• Bachelor’s Degree (Security / IT Related) or equivalent combination of experience
• A combination of relevant industry certifications including, but not limited to CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc

Hours & Work Schedule

Hours per Week: 40

Work Schedule:  Monday through Friday 8:30AM - 5:00PM

Pay Transparency

The salary range for this position is $112,000 - $148,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits .

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Equal Employment and Opportunity Employer

Job Applicant Data Privacy Policy

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.