First Citizens Bank logo
First Citizens Bank

First Citizens Bank offers a full line of financial services and focuses on individuals, as well as small to medium-sized businesses. As an employer, the compan

Cyber Security Analyst III - App Security & Vulnerability

Location

United States

Posted

5 days ago

Salary

0

Seniority

Mid Level

Job Description

Cyber Security Analyst III - App Security & Vulnerability

First Citizens Bank

Role Description This is a remote role in NC, AZ, and TX. We are seeking a highly skilled Cyber Security Analyst with a strong background in application security and vulnerability management. This role focuses on identifying, analyzing, and mitigating security risks across software development pipelines using SAST, DAST, and SCA tools. The ideal candidate combines hands-on technical expertise with knowledge of modern security practices and emerging technologies, including AI/ML. Responsibilities - Application Security & Code Analysis - Perform static (SAST), dynamic (DAST), and software composition analysis (SCA) to identify vulnerabilities in applications and third-party components. - Analyze scan results, triage findings, and prioritize remediation efforts based on risk. - Partner with development teams to remediate vulnerabilities and improve secure coding practices. - Vulnerability Management - Conduct regular security assessments and vulnerability scans across applications and environments. - Validate and reproduce vulnerabilities, including false positive elimination. - Track and report vulnerability metrics, risk trends, and remediation progress. - Security Tools & Automation - Configure, deploy, and maintain security scanning tools (e.g., Checkmarx, Veracode, Fortify, Snyk, Burp Suite, OWASP ZAP). - Automate security testing processes using scripting or APIs. - Improve scanning efficiency and coverage through tuning and optimization. Qualifications - Bachelor's Degree and 6 years of experience in Information Security OR High School Diploma or GED and 10 years of experience in Information Security. - Hands-on experience with SAST, DAST, and SCA tools. - Web application security testing (OWASP Top 10, API security). - Strong understanding of secure software development lifecycle (SDLC / DevSecOps) and common vulnerabilities (e.g., injection, XSS, authentication flaws). - Proficiency in one or more programming/scripting languages (e.g., Python, Java, JavaScript, Bash). - Experience interpreting and prioritizing scan results and remediation plans. Preferred Qualifications - Experience integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, Azure DevOps). - Familiarity with container and cloud security (AWS, Azure, GCP). - Familiarity with AI/ML concepts and security implications. - Industry certifications such as CEH, Security+, SSCP, GIAC or comparable. Key Skills - Strong analytical and problem-solving skills. - Provide risk-based recommendations to stakeholders. - Ability to communicate technical findings to both technical and non-technical stakeholders. - Experience working cross-functionally with development and engineering teams. - Attention to detail with a risk-based security mindset. Nice-to-Have Experience - API security testing tools (Postman, SoapUI). - AI-assisted security tooling (e.g., anomaly detection, code analysis assistants). - Knowledge of regulatory frameworks (NIST, ISO 27001, SOC 2). AI/ML & Emerging Technologies - Leverage AI/ML-based security tools for enhanced detection and analysis. - Assess risks related to AI/ML models (e.g., data poisoning, model inversion, adversarial attacks). - Participate in securing AI-driven applications and data pipelines. Threat Analysis & Risk Management - Assess potential threats and attack vectors relevant to applications and APIs. - Apply threat modeling techniques (e.g., STRIDE) during development lifecycle. Benefits - Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. - More information can be found at https://jobs.firstcitizens.com/benefits .

Related Job Pages

More Security Analyst Jobs

Role Description The IT Security & Compliance Analyst is responsible for supporting the organization's cybersecurity program, regulatory compliance initiatives, risk management activities, and security governance processes. This role helps protect company information systems and data by monitoring security controls, assessing risks, ensuring compliance with industry standards, and supporting audits and remediation efforts. The ideal candidate combines technical security knowledge with a strong understanding of compliance frameworks, policies, and risk management practices. Key Responsibilities - Security Operations - Monitor security alerts, vulnerabilities, and incidents across enterprise systems. - Assist in investigating and responding to cybersecurity events and security breaches. - Support vulnerability management programs, including scanning, assessment, remediation tracking, and reporting. - Review security logs and reports to identify potential threats or compliance gaps. - Participate in security awareness and training initiatives. - Compliance & Governance - Maintain compliance with regulatory and industry standards such as: - NIST Cybersecurity Framework (CSF) - NIST 800-53 - ISO 27001 - SOC 2 - CIS Controls - HIPAA (if applicable) - PCI-DSS (if applicable) - CMMC (if applicable) - Assist with internal and external audits. - Develop, review, and maintain security policies, standards, procedures, and documentation. - Track compliance requirements and remediation activities. - Support third-party risk management and vendor security assessments. - Risk Management - Conduct security risk assessments and document findings. - Evaluate security controls and recommend improvements. - Assist business units in identifying and mitigating cybersecurity risks. - Maintain risk registers and track remediation plans. - Reporting & Documentation - Prepare security and compliance reports for management and stakeholders. - Document audit evidence and compliance artifacts. - Maintain accurate records of security incidents, risk assessments, and compliance activities. - Develop metrics and dashboards to measure security program effectiveness. - Collaboration - Work closely with IT, infrastructure, application, and business teams to implement security controls. - Support project teams by providing security and compliance guidance. - Participate in change management and system implementation reviews. Qualifications - Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, or related field. - 3–5 years of experience in information security, IT compliance, risk management, or related roles. - Knowledge of cybersecurity principles, security technologies, and regulatory requirements. - Experience supporting audits and compliance assessments. - Familiarity with security tools such as: - SIEM platforms - Vulnerability management tools - Endpoint security solutions - Identity and Access Management (IAM) systems - Strong analytical, problem-solving, and documentation skills. - Excellent written and verbal communication skills. Preferred Qualifications - Professional certifications such as: - CompTIA Security+ - Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Certified Information Systems Auditor (CISA) - Certified in Risk and Information Systems Control (CRISC) - Certified Ethical Hacker (CEH) - Experience with cloud security platforms (Microsoft Azure, AWS, Google Cloud). - Experience with governance, risk, and compliance (GRC) tools. - Knowledge of industrial, utility, or critical infrastructure environments. Key Competencies - Cybersecurity Risk Assessment - Regulatory Compliance - Security Governance - Audit Support - Incident Response - Vulnerability Management - Policy Development - Vendor Risk Management - Security Awareness Training - Technical Documentation - Communication and Stakeholder Management Additional Information A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding! MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws. DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).

United States
HackerOne logo

Product Security Analyst

HackerOne

Peace of mind from security's greatest minds. #TogetherWeHitHarder

Full TimeRemoteTeam 201-500Since 2012H1B Sponsor

• Evaluate vulnerability reports submitted by security researchers to determine validity, severity, exploitability, and business impact for HackerOne customers using Data-Driven Decision Making and established security frameworks such as CVSS. • Independently reproduce reported vulnerabilities across web and mobile applications, applying First Principles Problem Solving to validate findings, identify root causes, and clearly communicate impact. • Collaborate directly with security researchers to gather missing information, clarify technical details, and improve report quality while maintaining clear and professional communication with customers. • Create concise, technically accurate summaries for validated findings, including reproduction steps, impact analysis, and remediation guidance. • Demonstrate Change Agility by adapting to evolving customer environments, changing program scopes, emerging attack techniques, and shifting operational priorities. • Contribute to an AI-First approach by leveraging automation and AI-enabled workflows to improve operational efficiency, report analysis, and vulnerability triage quality. • Partner cross-functionally with Technical Services teammates and customer-facing teams to ensure timely handling of vulnerabilities and a high-quality customer experience. • Proactively identify opportunities to improve internal processes, documentation, tooling, and triage workflows to enhance scalability and consistency across the Technical Services organization.

California + 4 moreAll locations: California | District Of Columbia | Massachusetts | Texas | Washington
$120K - $155K / year
Full TimeRemoteTeam 11-50H1B No Sponsor

• Leverage various security tools to perform monitoring and analysis of security events/data to identify security risks and threats on customer networks. • Utilize cyber hunt techniques to discover violations or threats. • Implement, administer, and use cybersecurity tools, systems and applications; develop policies, standards, and guidelines to ensure secure enterprise-wise operations, performance and resiliency. • Deploy and secure security systems, application layer and traditional firewalls, vulnerability management and forensics utilities, and other infrastructure deployed and maintained by the Information Security Office. • Develop plans to safeguard information against unauthorized access modification, and destruction, and ensure organizational continuity of operations. • Work with SIEM solutions such as Splunk and others to perform investigation and triage of incidents. • Working with your team and broader True Zero community to stay up to date on the latest security trends and threats to improve the effectiveness of security programs for our customers. • Following processes and procedures and providing refinement suggestions for them. • Performing detailed documentation efforts to report on all investigative steps performed and coordinating with external teams/personnel.

Virginia
Endava logo

IT Security Analyst

Endava

Technology is our how. And people are our why.

Full TimeRemoteTeam 10,001+Since 2000H1B No Sponsor

• Monitor and respond to information security issues across systems and business workflows to ensure security controls are effective and operating as intended. • Administer, manage, and maintain security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), content filtering solutions, endpoint protection platforms, and other security controls. • Utilize and manage security tools such as SIEM platforms, vulnerability scanners, forensic tools, and threat monitoring solutions to identify, assess, and respond to security risks and incidents. • Enforce security policies and procedures by administering security profiles, reviewing security violation reports, investigating exceptions, and maintaining documentation of security controls. • Coordinate and support incident response activities, including investigation, containment, remediation, recovery, and reporting. • Partner with IT, Legal, Compliance, and other stakeholders to identify and manage security vulnerabilities and risk exposures. • Assist in the development, implementation, and maintenance of security policies, standards, and procedures, including authentication controls, security monitoring, incident escalation, auditing, encryption, and firewall management. • Develop, deliver, and maintain security awareness and training programs to promote a strong security culture. • Conduct ongoing security research to stay informed of emerging threats, vulnerabilities, technologies, and industry best practices. • Participate in the evaluation and implementation of security products, technologies, and processes to improve organizational security, efficiency, and effectiveness. • Support internal and external audits, risk assessments, and compliance initiatives as required.

Tennessee