Manager - Offensive Security
United States
Full Time Mid-level / Intermediate USD 175K - 205K
Citizens
Citizens offers personal and business banking, student loans, home equity products, credit cards, and more. You're made ready and so are we.™
Locations: This role will require a hybrid work schedule in one of our primary Citizens hubs including: Johnston, RI - Pittsburgh, PA - Phoenix, AZ - Westwood or Medford, MA - Charlotte, NC - Plano, TX - Iselin, NJ
Position Overview
The Manager - Offensive Security will lead the bank’s offensive security initiatives, including Penetration Testing, Red Teaming, and Purple Team exercises. This role is responsible for building and evolving the bank’s offensive security capabilities to proactively identify risks, validate defenses, and enhance the overall security posture.
The ideal candidate is a hands-on professional with deep expertise in offensive security techniques and tools, as well as a strong understanding of the attack lifecycle, threat modeling, and risk analysis. This individual will also collaborate cross-functionally to communicate offensive security results to regulators, audit, and risk stakeholders.
Key Responsibilities
Offensive Security Strategy:
- Develop and implement a comprehensive offensive security program, including Penetration Testing, Red Teaming, and Purple Team exercises.
- Identify, test, and validate vulnerabilities across infrastructure, applications, and container environments.
- Establish a proactive threat identification strategy aligned with MITRE ATT&CK and the cyber kill chain.
Testing and Validation:
- Coordinate offensive security assessments to uncover gaps in defenses.
- Partner with defensive security and vulnerability management teams to ensure findings are prioritized and remediated.
Building Capabilities:
- Expand internal offensive testing capabilities, including wireless security assessments and advanced penetration testing techniques.
- Implement automated testing tools and integrate offensive testing into agile and DevSecOps pipelines.
Collaboration and Metrics:
- Develop meaningful metrics to measure and communicate offensive security results and trends.
- Liaise with federal regulators, internal and external audit, enterprise risk, compliance, and executives to provide transparency into the bank's security posture.
- Present offensive security findings to both technical and non-technical audiences.
Leadership:
- Manage and mentor a team of penetration testers and offensive security specialists, driving innovation and continuous improvement.
- Serve as the escalation point for all offensive security matters across the bank.
Required Experience and Skills
- 10+ years of cybersecurity experience, with at least 3+ years focused on penetration testing and offensive security.
- Demonstrated expertise in Red Team, Purple Team, and advanced Penetration Testing.
- Hands-on experience with tools like Metasploit, Burp Suite, Nessus, Cobalt Strike, or similar.
- Strong knowledge of offensive testing methodologies, including MITRE ATT&CK, CVE, CWE, and the cyber kill chain.
- Experience building and scaling offensive security programs within large enterprise environments.
- Ability to communicate offensive testing results to technical and non-technical audiences, including executive leadership and regulators.
- Solid understanding of CVSS, CVE, CWE, and security assessment techniques.
Preferred Certifications
- OSCP, OSCE, GPEN, GXPN, LPT, CISSP, or equivalent certifications
Education and Certifications
- A bachelor’s degree in Computer Science, Computer Engineering, or a related discipline
- Preferred: Master's degree in Software Engineering, Computer Science, Engineering, Mathematics, or related discipline
Hours & Work Schedule
- Hours per Week: 40
- Work Schedule: M-F
Pay Transparency
The salary range for this position is $175,000 - $205,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.
Equal Employment and Opportunity Employer
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
Tags: Agile Burp Suite CISSP Cobalt Strike Compliance Computer Science CVSS Cyber Kill Chain DevSecOps GPEN GXPN Mathematics Metasploit MITRE ATT&CK Nessus Offensive security OSCE OSCP Pentesting Privacy Red team Risk analysis Security assessment Security strategy Strategy Vulnerabilities Vulnerability management
Perks/benefits: Competitive pay Flex hours Flex vacation Health care Medical leave Parental leave Salary bonus Transparency Wellness