
Job Information
Citizens Senior Manager - Head of Attack Surface Management in Westwood, Massachusetts
Description
This role requires working in a hybrid capacity from one of our primary Citizens Hubs located in Johnston, RI; Pittsburgh, PA; Phoenix, AZ; Westwood or Medford, MA; Charlotte, NC; or Plano, TX.
Position Overview
The Senior Manager, Head of Attack Surface Management will lead the bank’s offensive security initiatives, including Penetration Testing, Red Teaming, and Purple Team exercises. This role is responsible for building and evolving the bank’s offensive security capabilities to proactively identify risks, validate defenses, and enhance the overall security posture.
The ideal candidate is a hands-on leader with deep expertise in offensive security techniques and tools, as well as a strong understanding of the attack lifecycle, threat modeling, and risk analysis. This leader will also collaborate cross-functionally to communicate offensive security results to regulators, audit, and risk stakeholders.
Key Responsibilities
Offensive Security Strategy:
Lead and develop a comprehensive offensive security program, including Penetration Testing, Red Teaming, and Purple Team exercises.
Identify, test, and validate vulnerabilities across infrastructure, applications, and container environments.
Establish a proactive threat identification strategy aligned with MITRE ATT&CK and the cyber kill chain.
Testing and Validation:
Oversee and coordinate offensive security assessments to uncover gaps in defenses.
Partner with defensive security and vulnerability management teams to ensure findings are prioritized and remediated.
Building Capabilities:
Develop and expand internal offensive testing capabilities, including wireless security assessments and advanced penetration testing techniques.
Implement automated testing tools and integrate offensive testing into agile and DevSecOps pipelines.
Collaboration and Metrics:
Develop meaningful metrics to measure and communicate offensive security results and trends.
Liaise with Federal Regulators, internal and external audit, enterprise risk, compliance, and executives to provide transparency of the bank's security posture.
Present offensive security findings to both technical and non-technical audiences.
Leadership:
Manage and mentor a team of penetration testers and offensive security specialists, driving innovation and continuous improvement.
Serve as the escalation point for all offensive security matters across the bank.
Required Experience and Skills
15+ years of cybersecurity experience, with at least 5+ years focused on penetration testing and offensive security leadership.
Demonstrated expertise in Red Team, Purple Team, and advanced Penetration Testing.
Hands-on experience with tools like Metasploit, Burp Suite, Nessus, Cobalt Strike, or similar.
Strong knowledge of offensive testing methodologies, including MITRE ATT&CK, CVE, CWE, and the cyber kill chain.
Experience building and scaling offensive security programs within large enterprise environments.
Ability to communicate offensive testing results to technical and non-technical audiences, including executive leadership and regulators.
Solid understanding of CVSS, CVE, CWE, and security assessment techniques.
Preferred Certifications
- OSCP, OSCE, GPEN, GXPN, LPT, CISSP, or equivalent certifications
Education and Certifications
A bachelor’s degree in Computer Science, Computer Engineering or a related discipline
Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics or related discipline
Hours & Work Schedule
Hours per Week: 40
Work Schedule: M-F
Pay Transparency
The salary range for this position is $175,000 - $225,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
05/03/2025
Citizens