Vulnerability Assessments Analyst - C12 - Tampa (Hybrid)

Job Purpose

Citi's Vulnerability Assessments is responsible for providing Vulnerability Assessment services to all Citi businesses and technology teams globally. The duties of a VA analyst will include manual and automated testing through a defined testing process. The analyst will be identifying weaknesses and vulnerabilities within the Citi infrastructure and applications. Recommend countermeasures to business contacts and developers to resolve identified issues during ethical hacking. Commercial and open-source vulnerability assessment tools/utilities are leveraged during these assessments.

Job Background

The technical analyst role is in the U.S. team, which is part of a larger global team responsible for providing vulnerability assessment to all business within Citi.

Key Responsibilities

• Providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process

• Identifying weaknesses and vulnerabilities within the system and proposing countermeasures.

• Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards

• Scanning and discovering rouge hosts, networks, and devices

• Scanning in Citi's network

• Reporting information security vulnerabilities to businesses and senior management

• Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.

Development Value

In this role, you will get a chance to work in a unique environment with diverse technology implementations. Personal development is important, all our analysts acquire and maintain industry-accredited security certifications (the candidate must have or be willing to obtain the following ones) - GIAC GPEN, CEH, AWS Certified Security - Specialty, Professional Cloud Security Engineer

Knowledge and Experience

The candidate is expected to already be familiar with the majority of the below tools:

• Vulnerability Assessment tools, e.g. Nessus, Qualys, etc

• Deep understanding of OSI model

• OS Security, e.g. Unix, Linux, Windows, Cisco, etc

• Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols

• Web application infrastructure, e.g. Application Servers, Web Servers, Databases

• Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net

The following requirements are a plus as we are willing to invest in training and development in the security and vulnerability space:

• Conducting application vulnerabilities assessments and articulating security issues to technical and non-technical audience

• Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures

• Experience using open source and vendor vulnerability assessment tools

• Background in a similar role

• Understanding enterprise networks

• Understanding cloud technology

Skills:

• Proficient with Microsoft Office products including Word and Excel, Power Point

• Good communications skills (written and verbal) with strong sense of responsibility and ability to communicate with all levels of staff and management are also essential

• Must have good work ethic to follow documented process

Qualifications

• Education Level Required: Bachelor's Degree
• 3-5 years' work experience in IT (at least 1-3 years' experience in ethical hacking)

Competencies:

• Attention to detail - ability to interpret and implement standards

• Forward thinking, ability to plan

• Organization - ability to prioritize work and deliver on time against project plans

• Communication skills - both communication goals, plans and status updated to peers and management, and producing clear and comprehensive documentation to technology solutions

• Highest level of integrity due to the nature of the team and its responsibilities

• Team player with the ability to work effectively with minimal supervision

• Ability to work as part of a team with remote colleagues in other countries

• Self-starter and be able to manage time against deliverables

Job Family Group:

Technology

Job Family:

Information Security

Time Type:

Full time

Primary Location:

Tampa Florida United States

Primary Location Full Time Salary Range:

$87,280.00 - $130,920.00

In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Anticipated Posting Close Date:

Jul 01, 2024

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting