Who are we?
Citi Technology Infrastructure (CTI) provides the products and services that enable Citi's workforce, along with the majority of the financial solutions that Citi's customers rely on. We provide the critical technical foundation for Citi's operations through the infrastructure that runs business and general user computing services. We do this by working as one team to deliver high-quality, reliable and modern infrastructure technologies at the right cost. We drive to optimize the functionality and capability of the infrastructure technologies.

Job Description:
The scope of the Application Vulnerability Assessment (AVA) process comprises all Citi business functions, subsidiaries, managed facilities and critical infrastructure components, as well as service provider arrangements that include Citi branded and co-branded applications. Candidates for this position must have a strong understanding of ethical hacking methodologies, frameworks and industry resources (e.g. OWASP, OSSTMM, NIST publications and SANS/CWE, among others) in order to be able to maintain, improve and benchmark the Citi Vulnerability Assessment process, allowing it to remain a world-class service. Process engineering and documentation are key. Areas of focus are mobile security testing on the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.

Other key duties include providing application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.
Experience conducting one or more of the following functions:
1) Application Vulnerability Assessments
2) Source code review, preferably in Java and .NET languages, using tools such as AppScan, HP Fortify or Checkmarx
3) Application architecture reviews or threat modeling, and knowledge of common attack patterns or exploitation techniques
* Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing, with a good understanding of enterprise web development using programming languages such as Java or .NET.
* A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.
* Experience in applications security, cryptography, network security, systems security or reverse engineering.
* Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences is a plus.
* Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.
* In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
* Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
Citigroup is a company providing financial products and services.