Citizens · 3 weeks ago
Sr Cyber Defense Ops Specialist
Citizens is seeking a skilled and proactive Level 2 Cybersecurity Analyst to join their Cyber Defense Operations team. This role is responsible for investigating and responding to security incidents, performing advanced threat analysis, and supporting the continuous improvement of detection and response capabilities.
Banking, Credit Cards, Financial Services, FinTech, Retail
Responsibilities
Investigate escalated security alerts and incidents from Level 1 analysts
Perform root cause analysis and impact assessments of security events
Conduct threat hunting and anomaly detection across enterprise systems
Collaborate with incident response teams to contain and remediate threats
Correlate threat intelligence with internal telemetry to identify emerging threats and attack patterns
Assist in the creation of use cases and offer recommendations for tuning detection rules in SIEM and other monitoring tools
Recommend improvements to incident response playbooks and runbooks
Provide mentorship and guidance to Level 1 analysts
Participate in post-incident reviews and contribute to lessons learned
Represent Cyber Defense in cross-functional security and risk initiatives
Qualifications
Required
Bachelor's degree in Cybersecurity, Computer Science, or a related field, or equivalent experience
2–5 years of experience in cybersecurity operations or incident response
Deep understanding of network and endpoint security concepts
Knowledge of threat actor tactics, techniques, and procedures (TTPs)
Familiarity with the MITRE ATT&CK framework and threat intelligence platforms
Knowledge of regulatory and compliance frameworks (e.g., NIST, ISO, PCI-DSS)
Proficient in log analysis, packet capture review, and malware analysis
Strong analytical and problem-solving skills
Experience with scripting or automation (Python, PowerShell, Bash)
Effective oral and written communication skills for both technical and non-technical audiences
Ability to work independently and collaboratively in a high-pressure environment
Willingness to participate in a rotating on-call schedule or extended hours during critical incidents
Preferred
Security certifications such as CySA+, GCIH, GCIA, CEH, or equivalent preferred
Experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR tools (e.g., CrowdStrike, Microsoft Defender)
Hands-on experience with SIEM Tools: Splunk, ArcSight, Sentinel, QRadar
Hands-on experience with EDR/XDR: CrowdStrike, Microsoft Defender, SentinelOne
Hands-on experience with Network Security: Palo Alto, Cisco, Check Point, FirePower
Hands-on experience with Data Protection: Symantec DLP, Triton, Guardium
Hands-on experience with Threat Intelligence & SOAR Platforms
Hands-on experience with Cloud Security Monitoring: AWS, Azure, or GCP environments
Company
Citizens
At Citizens, we recognize that the journey to accomplishment is no longer linear and that individuals are made of all they have done and all they are going to do.
H1B Sponsorship
Citizens has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
[Chart: Trends of Total Sponsorships. 2020 (1)]
Funding
Current Stage: Public Company
Total Funding: $2B
2025-02-26: Post-IPO Debt · $750M
2024-07-09: Post-IPO Debt · $1.25B
2014-09-23: IPO
Company data provided by crunchbase