Sorry, this job is no longer accepting applications. See below for more jobs that match what you’re looking for!

Citi Application Vulnerability Assessment Analyst

Expired Job

Citigroup Inc. Fort Lauderdale , FL 33301

Posted 2 months ago

  • Primary Location: United States,Florida,Fort Lauderdale

  • Other Location: United States,Texas,Irving

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: No

  • Job ID: 18036224

Description

The scope of the Application Vulnerability Assessment (AVA) process is comprised of all Citi business functions, subsidiaries, managed facilities, critical infrastructure components as well as service provider arrangements that include Citi branded and co-branded applications.

Candidates for this position must have strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Citi Vulnerability Assessment process, allowing it to remain a world class service. Process engineering and documentation is key. Areas of focus are mobile security testing in the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.

Other key duties include providing application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.

Pre-requisites for this position are a Bachelor's Degree with 3 to 7 years of experience in web development using programming languages such as Java or .NET. An expert level understanding of security, web-based, mobile and infrastructure vulnerabilities is required.

Experience conducting one or more of the following functions:

  1. Application Vulnerability Assessments
  2. Source code review preferably in Java and .NET languages using tools such as AppScan, HP Fortify or Checkmarx
  3. Application architecture reviews or threat modeling and knowledge of common attack patterns or exploitation techniques

Articulating security issues to technical and non-technical audience is also required. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

Qualifications

  • Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing with good understanding of enterprise web development using programming languages such as Java or .NET.

  • A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.

  • Experience in applications security, cryptography, network security, systems security or reverse engineering.

  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience is a plus.

  • Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.

  • In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

Apply Now


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Vulnerability Assessment Cloud Security Red Team (Citi Technology Infrastructure)

Citigroup Inc.

Posted 5 days ago

VIEW JOBS 11/11/2018 12:00:00 AM 2019-02-09T00:00 * Primary Location: United States,Florida,Fort Lauderdale * Other Location: United States,Texas,Irving * Education: Bachelor's Degree * Job Function: Technology * Schedule: Full-time * Shift: Day Job * Employee Status: Regular * Travel Time: No * Job ID: 18061625 Description The Cloud Security Red Team is a multi-disciplinary team of teams driving cyber security operational services and solutions to enable Citi to securely adopt private, hybrid, and public cloud platforms. Operating model emphasizes automation, integration, and agility based on Security as a Service / Security as Code concepts. Red Team is one of the primary interfaces with development teams, architects, engineers, and operational teams involved in cloud projects. The Red Team also performs global intelligence-led exercises against people, process, and technology to improve Citi's security posture. The Red Team challenges the organization to improve the effectiveness of Cyber Security by conducting exercises using the same Tactics, Techniques and Procedures (TTPs) as real adversaries. To be successful in this role, candidates are expected to act as subject matter experts in offensive security with a proven track record in exploitation, escalation of privileges, and lateral movement with an emphasis on Cloud environments. Role/Responsibilities: * Conduct global Red Team adversary simulations * Conduct vulnerability assessments and penetration tests (application and/or infrastructure) and articulate security issues to technical and non-technical audience * Identify, research, and validate known and unknown exploits on Cloud environments * Work closely with the Blue Team to identify gaps, address findings, and improve breach response in Cloud environments * Develop/Deploy/support Application & Infrastructure Security Checks, Gates, and guardrails throughout the lifecycle (pre-commit, commit-time, build-time, acceptance, Prod/Post-production checks) About Citi: Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities. Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all. Qualifications * Bachelor's Degree or equivalent work experience * Knowledge of the tools and processes used to expose known and undocumented vulnerabilities in various different systems. * 5+ years of relative experience with: * Vulnerability Assessment tools * Exploitation frameworks * Post-Exploitation frameworks * Cloud security in various Cloud Service Providers (AWS, GCP, Azure) * Social Engineering and OSINT campaigns, e.g. email phishing, phone calls, SET * Exploitation modification and development * Security devices, e.g. Next-Gen Firewalls, VPNs, AAA systems * OS Security, e.g. Unix, Linux, Windows, Cisco * Web development and/or programming languages, e.g. Python, Perl, Ruby, Java, and/or .Net * Candidates with information security certifications such as: OSCP, OSCE, GXPN, GPEN, GCIH, and GWAPT will be preferred, as well as Cloud-related certifications from Amazon, Google, and Microsoft. * Candidates without certification must be willing to purse them during the course of employment. Apply Now Citigroup Inc. Fort Lauderdale FL

Citi Application Vulnerability Assessment Analyst

Expired Job

Citigroup Inc.