Citi Application Vulnerability Assessment Analyst

Citigroup Inc. Fort Lauderdale, FL 33301

Posted 2 days ago

The scope of the Application Vulnerability Assessment (AVA) process comprises all Citi business functions, subsidiaries, managed facilities, critical infrastructure components as well as service provider arrangements that include Citi branded and co-branded applications.

Candidates for this position must have a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Citi Vulnerability Assessment process, allowing it to remain a world-class service. Process engineering and documentation are key. Areas of focus are mobile security testing on the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.

Other key duties include providing application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.

Pre-requisites for this position are a Bachelor's Degree with 3 to 7 years of experience in web development using programming languages such as Java or .NET. An expert level understanding of security, web-based, mobile and infrastructure vulnerabilities is required.

Experience conducting one or more of the following functions:

  1. Application Vulnerability Assessments
  2. Source code review, preferably in Java and .NET languages, using tools such as AppScan, HP Fortify or Checkmarx
  3. Application architecture reviews or threat modeling and knowledge of common attack patterns or exploitation techniques

Articulating security issues to technical and non-technical audiences is also required. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

  • Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing with good understanding of enterprise web development using programming languages such as Java or .NET.

  • A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.

  • Experience in applications security, cryptography, network security, systems security or reverse engineering.

  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences is a plus.

  • Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.

  • In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
