Primary Location: United States,Florida,Tampa
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10 % of the Time
Job ID: 19007855
An Application Security Architect (ASA) is required to assess and manage technology risks and provide compliance guidance per Citi IS and application security standards and provide support to Technology Development Units in their development Lifecycle.
The ICG Technology Information Security Team is responsible for managing IS risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with Citi IS standards, policies, and procedures, liaising with corporate IS and driving secure SDLC initiative for ICG sector. The team needs to expand its capability to ensure security requirements are assessed for Cloud projects and architecture/design of the hybrid Cloud usage incorporates required security measures.
The ASA will have strong technical acumen and should establish relationships with application managers, domain architects, project managers and corporate IS and other disciplines. You will join an elite team of some of the smartest minds in the business that have been tasked with performing threat modeling exercises and proposing technical controls for our top most critical applications to ensure that they are highly resilient from Internet-borne threats. You will work on some of the most cutting edge technologies and provide value by solving real world problems that our industry as a whole is facing. Your key stakeholders will be application development teams, our internal vulnerability assessment teams and the IS organization as a whole.
Engage in the initial requirements definition for Cloud projects (including analysis of threats and risks and alignment with Citi IS and Architecture standards)
Conduct threat modeling and architecture risk analysis, including Secure SDLC testing requirements throughout the development lifecycle
Plan the resolution of any identified vulnerabilities/issues
Security review of applications including responsibility for driving requirements definition and risk analysis
Facilitate and support threat/architecture reviews and scenario analysis/red team/tabletop exercises
Identify enhancements to IS tools, standards, and processes
Provide SME support to projects and program
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.
Bachelor's Degree (IT related field), or equivalent work experience
5+ years of experience as an application security consultant / penetration tester / security architect
SME level knowledge of web application vulnerabilities and web application business logic flaws and threats. Specific knowledge on secure implementation in the hybrid Cloud environment is required
In depth, hands-on understanding and application architectures and technology (including web applications, mobile technology, identity and access management)
Demonstrable experience with mobile application security, HTML5, Web Services assessment, identity management will be highly regarded
Thorough understanding of industry and corporate technology standards for Information and Application Security
Detailed familiarity with code reviews and security hacking tools and techniques