Citizens Bank

Full Stack Security Engineer

Citizens Bank

Remote, US

April 3, 2022

The Full Stack Security Engineer is a key resource within the Corporate Security and Resilience (CS&R) Security Engineering and Architecture (SEA) team. In this role, you are the subject matter expert (SME) who, through independent project engagements and collaboration with internal and external partners, will secure next generation digital Banking and Mortgage solutions. This includes, but is not limited to, critical technologies and capabilities like consumer Banking and Mortgage platforms, commercial Banking and Mortgage platforms, middleware platforms, CI/CD platforms, API driven orchestration and business-centric platforms.

You will be responsible for security engineering activities and helping ensure that security is built into the organization s core digital Banking and Mortgage applications and platforms throughout the application and capability lifecycle. You will support critical security activities between CS&R and technology delivery teams and will participate in agile/DevOps project work streams as a security SME representing and engineering digital Banking and Mortgage security solutions. You will also analyze, design, propose and help deliver modernized technology solutions that are appropriate for next generation Banking and Mortgage applications.

This Full Stack Security Engineer maintains current knowledge of modernized computing paradigms, automation/orchestration frameworks, virtualization platforms, security threats and recommends security enhancements and purchases that allow Citizens Bank to deliver the most secure and robust digital Banking and Mortgage applications deployed within the organization and within the cloud.

Responsibilities Include:

  • Gaining a comprehensive understanding of the company s digital Banking and Mortgage technology and information systems and capabilities.

  • Participation in Agile meetings and timely delivery of project-related artifacts.

  • Working on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Candidate should exercise independent judgment in methods, techniques and evaluation criteria for obtaining results.

  • Deployment and configuration of complex applications throughout the project and secure software development lifecycle. Project delivery work may include delivery of AWS solutions, CI/CD tool sets, automation/orchestration platforms, micro-services, cryptographic safeguards, J2E platform software, and deployment of software artifacts, web server setup and configuration, coordination of network and database connectivity.

  • Integration of internally developed components (API’s, web services, broker services, MQ and Data Power artifacts).

  • Remediation of vulnerabilities, close coordination with project testing teams for performance analysis, creation of documentation, and knowledge transfer to support staff.

  • Providing guidance and recommendations related to digital security engineering efforts and lead proof of concept (POC) projects.

  • Leading in the development and providing guidance during security architecture design activities of new and existing applications.

  • Researching and evaluating proposed digital security and business solutions for adherence to documented company standards, policies and regulatory responsibilities.

  • Acting as a security SME with regards to strengths and weaknesses of security capabilities and being able to recommend improvements to both software and hardware.

  • Assessing emerging digital Banking and Mortgage security technologies against security architecture standards to determine where they fill gaps, overlap with existing solutions or extend capabilities.

Location is not a barrier for this role and while our preference would be to have a chosen candidate with onsite capabilities in one of our corporate headquarters we are open to remote employment within the United States for an experienced candidate.


Experience and Skills:

  • 5 or more years in system security engineering, controls or information management experience and/or Security Engineer/Architect/Consultant

  • 8 or more years of systems/platform engineering experience

  • Experience with building and maintaining effective relationships with stakeholders, clients, peers, supervisors, subordinates and other internal company staff

  • End to end understanding of the secure software development lifecycle (SSDLC) and DevOps/DevSecOps process integration.

  • Demonstrated ability to think strategically about business, product and technical challenges.

  • Demonstrated experience with cloud-based solutions. This should include administration, architecture, and security of web services. Candidate should understand APIs, methods of automated deployment, and API management in a corporate setting.

  • Experience with Open-Source Application stacks like Nginx and NodeJS

  • Knowledge of Integration Brokers like Zuul and Rabbit MQ is a strong plus, as is understanding of JIRA, Nexus, Subversion, Rapid Deploy and shell scripting.

  • Familiarity with security industry and regulatory standards (ISO 17799, ISO 27001/2, ISO 31000, NIST 800 series, PCI, SOX, GLBA. etc.)

  • Experienced with industry standard technologies and database management platforms.

  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing

  • Demonstrated ability leading programs

  • Influencing experience at senior levels within an organization

  • Excellent verbal and written communication skills

  • Industry experiences in financial services, high-tech, and /or healthcare preferred

Education and Certifications:

  • Bachelor’s degree (Degree in Computer Science or Computer Engineering preferred)

  • CISSP or other relevant industry certifications (TOGAF, ITIL).

  • Knowledge of ISO and NIST security standards preferred

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday-Friday 8am-5pm

Position is not available in Colorado