
Citi Application Vulnerability Assessment Analyst


Citigroup Inc. Fort Lauderdale, FL 33301

Posted 1 week ago

The scope of the Application Vulnerability Assessment (AVA) process is comprised of all Citi business functions, subsidiaries, managed facilities, critical infrastructure components as well as service provider arrangements that include Citi branded and co-branded applications.

Candidates for this position must have a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Citi Vulnerability Assessment process, allowing it to remain a world-class service. Process engineering and documentation is key. Areas of focus are mobile security testing in the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.

Other key duties include providing application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.

Pre-requisites for this position are a Bachelor's Degree with 3 to 7 years of experience in web development using programming languages such as Java or .NET. An expert level understanding of security, web-based, mobile and infrastructure vulnerabilities is required.

Experience conducting one or more of the following functions:

  1. Application Vulnerability Assessments
  2. Source code review preferably in Java and .NET languages using tools such as AppScan, HP Fortify or Checkmarx
  3. Application architecture reviews or threat modeling and knowledge of common attack patterns or exploitation techniques

Articulating security issues to technical and non-technical audiences is also required. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

  • Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing with good understanding of enterprise web development using programming languages such as Java or .NET.

  • A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.

  • Experience in applications security, cryptography, network security, systems security or reverse engineering.

  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences is a plus.

  • Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.

  • In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

Similar Jobs

Vulnerability Assessment Static Analysis

Citigroup Inc.

Posted 1 week ago

The duties include interfacing with development organizations to onboard applications and perform secure code reviews using commercial static analysis tools like IBM AppScan and HP Fortify. In addition, this individual will be able to execute binary static testing tools to identify third party component vulnerabilities. Integration of security tools with build environments to ensure iterative scanning during the Secure-SDLC. Commercial and open source vulnerability assessment tools/utilities are leveraged during these assessments.

The majority of the team has achieved industry standard security certifications (CISSP, CEH, GIAC, etc.) over time and we are looking for individuals who are eager to learn. The duties will include providing source code review services through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.

In addition, the role will be responsible for:

  • Validating automated testing results and prioritizing them based on overall risk

  • Verifying findings as needed with the application development team

  • Performing application scanning using binaries

  • Performing manual source code review for security vulnerabilities

  • Writing a formal security assessment report for each application, using our company's standard reporting format

  • Participating in conference calls with the engineering team to ensure proper scan coverage and effective results

  • Reporting directly to management for any major flaws identified

  • Re-running the scans on a weekly basis

  • Participating in conference calls with the application team to help understand the security risk, if required

  • Strong development background in J2EE, web frameworks, and .NET is a plus.

  • Pre-requisites for this position are a Bachelor's Degree with 2 - 5 years' experience in web development or application code review.

  • A basic understanding of security, web-based and infrastructure vulnerabilities is required.

  • Understanding and debugging application build/compilation related errors is required.

  • Experience with Java IDEs.

  • Knowledge of web servers, application servers, build tools, etc.

  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences.

  • Understanding of AppScan Source, Fortify, Veracode, Sonatype or Blackduck platform is a plus.

  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

  • Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications – GIAC GXPN, GPEN, GCIH, CISSP, and CEH).

  • Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems.

Citigroup Inc. Fort Lauderdale, FL
