• Help build the security engineering layer behind MLB’s application delivery and cloud infrastructure • Write automation, integrate security tools, and turn security requirements into controls • Focus on reducing preventable security issues, improving detection and routing of findings • Collaborate with development and infrastructure teams to integrate security into CI/CD pipelines • Build and improve security controls across CI/CD pipelines, source code platforms, artifact repositories, and deployment workflows • Build policy-as-code and security guardrails for cloud and infrastructure workflows • Partner with engineering and security teams to improve secure delivery practices • Identify opportunities to use AI-assisted workflows across security tasks

• Own the end-to-end 'agentic' product security roadmap, defining clear milestones for transitioning from traditional to autonomous security operations • Present quarterly AI transformation scorecards to the VP of Product Cybersecurity and senior leadership • Partner with the CISO and Advanced Research Center to align strategies with enterprise risk frameworks and explore frontier technologies • Embed security capabilities into business unit engineering workflows through proactive stakeholder collaboration • Lead the evaluation and selection of LLM providers, agentic tooling, and AI security platforms • Manage unit economics, including token cost management and per-application budgeting • Enforce rigorous 'shadow mode' validation—requiring 95%+ parity before retiring any legacy security tools • Integrate security agents into CI/CD pipelines to achieve 100% repository coverage for code review and threat modeling by FY2027 • Build autonomous vulnerability response capabilities; map all supported product versions to CVE exposure agents by FY2027 and reduce PSIRT advisory SLAs • Define and govern role-based identities, permissions, and behavioral profiles for all autonomous agents • Manage multi-vendor contractor programs and ensure GE Vernova ownership of all agent code/IP • Build a resilient AI security team through strategic hiring, reskilling, and a dual-vendor strategy to mitigate single-vendor dependency

• Lead PSIRT efforts across the business, reporting directly to the VP of Product Cybersecurity. • Manage externally identified product vulnerabilities and incidents across GE Vernova’s business units. • Coordinate remediation and disclosure across multiple product lines. • Run the company’s CVE Numbering Authority (CNA) program. • Ensure compliance with EU CRA and other applicable regulatory reporting obligations. • Partner with the CISO’s CERT and business unit security teams. • Coordinate with law enforcement and E-ISAC as circumstances require. • Deploy AI-powered tooling to accelerate triage, automate vulnerability scoring, and scale PSIRT capacity.

Role Description This is a remote position that can be hired in NC, AZ, VA, NJ, and TX. This person should possess strong analytical and technical problem-solving skills as well as experience in the different phases of the system life cycle, to support multiple projects, develop standard operating procedures, and perform day-to-day functional administration and support for Privileged Access Management (PAM). The engineer should have in-depth experience in the management of passwords/credentials (such as default accounts, service accounts, keys, etc.) in PAM solutions. - Support the deployment and integration of privileged account security solutions. - Ability to discuss technical concepts and interdependencies with customers. - Experience gathering high-level functional and operational requirements. - Experience developing and managing multiple system designs concurrently. - Provide operation and maintenance of existing PAM solutions. - Develop design documentation, standard operating procedures (SOPs), and implementation/deployment plans for privileged account security solutions and identity governance solutions. - Provide after-hours and on-call production support when required. - Develop diagrams and documentation to support infrastructure configuration changes. - Provide security tool enhancements and performance tuning to increase capability to support new requirements. - Plan, test, and deploy firmware, software upgrades, and security fixes. Qualifications - Bachelor's Degree and 8 years of experience in Systems Engineering, Network, or Information Security OR High School Diploma or GED and 12 years of experience in Systems Engineering, Network, or Information Security. Requirements - Experience supporting PAM solutions (CyberArk, HashiCorp, Delinea, etc.) in an enterprise environment. - Hands-on PowerShell/Python or similar scripting experience. - Ability to proficiently utilize SailPoint identity management system is a plus. - Proficiency with MS Visio, PowerPoint, Word, and Excel. - Background in information security systems with specific knowledge around access control. - Background in role-based access control for privileged access. - Hands-on Windows 2019 or later Server administration experience. - Hands-on Active Directory and LDAP query experience. - Functional understanding of TCP/IP networks and firewalls. - Functional understanding of the following protocols: TCP, UDP, DNS, NetBIOS, HTTP, HTTPS, SMTP, SNMP, SSH, SSL. - Strong UNIX/Linux system administration experience. Benefits Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits .