Locations: This role will require an on-site hybrid work schedule in one of our primary organizational hubs including: Johnston, RI - Pittsburgh, PA - Phoenix, AZ - Westwood or Medford, MA - Plano, TX - Iselin, NJ - Franklin, TN

Position Overview

At our organization, we are committed to innovation and excellence. As part of our team, you’ll have the opportunity to shape a rewarding career filled with impactful challenges. The Principal Penetration Tester will play a critical role in building and shaping our newly formed penetration testing team, bringing deep technical expertise and a collaborative mindset to establish a world-class program. This role focuses on hands-on penetration testing across diverse environments, including cloud (AWS, Azure, GCP), applications, networks, and endpoints, while contributing to the strategic development of the team’s methodologies, tools, and processes.

This position requires exceptional technical aptitude, a passion for identifying and exploiting vulnerabilities, and the ability to work closely with cross-functional teams to enhance the organization’s security posture. The Principal Penetration Tester will deliver detailed findings and actionable recommendations, maintaining clear communication with technical teams, leadership, and compliance stakeholders.

Key Responsibilities

Penetration Testing Execution:

• Conduct advanced penetration tests across cloud environments (AWS, Azure, GCP), web and mobile applications, APIs, networks, and endpoints to identify vulnerabilities and misconfigurations.
• Develop and execute custom exploits, scripts, and attack scenarios to simulate real-world threats.

Team Building and Development:

• Collaborate with leadership to build and shape the new penetration testing team, defining methodologies, workflows, and standards.
• Mentor junior testers, fostering a culture of technical excellence, curiosity, and continuous learning.

Technical Expertise:

• Maintain and enhance a penetration testing toolkit, including custom tools, scripts (Go, Python, Bash), and industry-standard platforms (e.g., Burp Suite, Nmap).
• Stay current with emerging vulnerabilities, exploits, and attack techniques to ensure cutting-edge testing practices.

Reporting and Collaboration:

• Produce detailed, high-quality reports with clear findings, risk assessments, and remediation recommendations for technical and non-technical audiences.
• Partner with application development, infrastructure, and security operations teams to prioritize and address vulnerabilities.
• Contribute to metrics and KPIs to demonstrate the impact of the penetration testing program.

Process Improvement:

• Establish repeatable, scalable testing processes aligned with frameworks like OWASP, NIST, PTES, and CVSS.
• Drive automation initiatives to enhance the efficiency and coverage of penetration testing activities.

Required Experience and Skills

• 10+ years of cybersecurity experience, with at least 6 years focused on penetration testing across diverse environments.
• Proven expertise in testing cloud platforms (AWS, Azure, GCP), web/mobile applications, APIs, and network infrastructure.
• Advanced technical skills in scripting (Python, Bash, PowerShell) and hands-on use of tools like Burp Suite, Metasploit, Nmap, and Nessus.
• Experience contributing to or building a penetration testing program, including defining methodologies and workflows.
• Strong understanding of vulnerability management processes and frameworks (e.g., OWASP, NIST, CVSS, CWE).
• Excellent documentation skills, with the ability to produce clear, actionable reports for technical and executive audiences.
• Superior communication skills to collaborate with cross-functional teams and present findings to stakeholders.
• Demonstrated ability to mentor and guide junior team members.
• Familiarity with secure development practices and DevSecOps principles is a plus.

Education and Certifications

• A bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Preferred Certifications: OSCP, OSCE, OSEP, GPEN, GWAPT, CEH, or equivalent.

Pay Transparency

The salary range for this position is $150,000-$170,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.  

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

#LI-Citizens1

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Equal Employment and Opportunity Employer

Job Applicant Data Privacy Policy

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.