Role Description This is a remote opportunity that can be hired only in NC and TX. This position ensures the technological and digital security of the Bank. The tester will: - Identify exposure to cyber threats, security risks, and unauthorized access. - Assist with mitigation guidance. - Assess organizational networks, applications, or systems for potential vulnerabilities. - Maintain knowledge of industry practices, technology, and evolving threats to enhance defenses for the Bank's information systems and resources. The Pentester must be able to: - Plan, coordinate, communicate, track, and conduct penetration testing assessments on the organization’s applications. - Aid in the coordination of additional testing through third-party vendors. - Maintain and may lead other associates in the work group acting as lead tester. - Work remotely and/or from a corporate office location. - Plan and conduct application penetration tests of complex computer systems from a remote testing location. - Coordinate third-party vendor testing. - Analyze and document test results in the format and level of detail dictated by current procedures. - Convey highly technical information in a manner that can be understood and appreciated by Application Owners and other stakeholders. - Track vulnerabilities and metrics. - Coordinate multiple projects/assignments simultaneously and accurately, and deliver results in a timely manner. - Stay current on new tools, TTPs, vulnerabilities, and emerging threats. - Aid in defining and documenting Pentest Processes. Qualifications - Bachelor's Degree and 4 years of experience in Systems Engineering, Network, or Information Security OR High School Diploma or GED and 8 years of experience in Systems Engineering, Network, or Information Security. - Preferred Qualifications: - FCB Experience. - Expertise in application penetration techniques with and without scanners. - Demonstrated expertise in testing web applications and databases. - Linux and Windows. - Kali Linux tools, Burp Suite, and other pentest tools. - Experience with pentesting frameworks such as OWASP and PTES. - Analysis and development of professional reports. - Knowledge of the Secure System Development Lifecycle. - Demonstrated ability to effectively balance and manage multiple priorities. - Proficiency in Microsoft Word, Excel, PowerPoint, and Outlook. - Preferred but not required: OSWE, GPEN, GWAPT, or other equal certifications. Benefits - Benefits are an integral part of total rewards. - First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. - More information can be found at https://jobs.firstcitizens.com/benefits .

• Help build the security engineering layer behind MLB’s application delivery and cloud infrastructure • Write automation, integrate security tools, and turn security requirements into controls • Focus on reducing preventable security issues, improving detection and routing of findings • Collaborate with development and infrastructure teams to integrate security into CI/CD pipelines • Build and improve security controls across CI/CD pipelines, source code platforms, artifact repositories, and deployment workflows • Build policy-as-code and security guardrails for cloud and infrastructure workflows • Partner with engineering and security teams to improve secure delivery practices • Identify opportunities to use AI-assisted workflows across security tasks

• Own the end-to-end 'agentic' product security roadmap, defining clear milestones for transitioning from traditional to autonomous security operations • Present quarterly AI transformation scorecards to the VP of Product Cybersecurity and senior leadership • Partner with the CISO and Advanced Research Center to align strategies with enterprise risk frameworks and explore frontier technologies • Embed security capabilities into business unit engineering workflows through proactive stakeholder collaboration • Lead the evaluation and selection of LLM providers, agentic tooling, and AI security platforms • Manage unit economics, including token cost management and per-application budgeting • Enforce rigorous 'shadow mode' validation—requiring 95%+ parity before retiring any legacy security tools • Integrate security agents into CI/CD pipelines to achieve 100% repository coverage for code review and threat modeling by FY2027 • Build autonomous vulnerability response capabilities; map all supported product versions to CVE exposure agents by FY2027 and reduce PSIRT advisory SLAs • Define and govern role-based identities, permissions, and behavioral profiles for all autonomous agents • Manage multi-vendor contractor programs and ensure GE Vernova ownership of all agent code/IP • Build a resilient AI security team through strategic hiring, reskilling, and a dual-vendor strategy to mitigate single-vendor dependency

• Lead PSIRT efforts across the business, reporting directly to the VP of Product Cybersecurity. • Manage externally identified product vulnerabilities and incidents across GE Vernova’s business units. • Coordinate remediation and disclosure across multiple product lines. • Run the company’s CVE Numbering Authority (CNA) program. • Ensure compliance with EU CRA and other applicable regulatory reporting obligations. • Partner with the CISO’s CERT and business unit security teams. • Coordinate with law enforcement and E-ISAC as circumstances require. • Deploy AI-powered tooling to accelerate triage, automate vulnerability scoring, and scale PSIRT capacity.