Senior Application Security Analyst (VP)

Company: Citigroup Inc.
Location: Not Specified, Texas, United States
Type: Full-time
Posted: 02.AUG.2021
< >


Citi's technology team is growing at lightning speed, and we're looking for talented technologists to help build the future of global bankin...


Citi's technology team is growing at lightning speed, and we're looking for talented technologists to help build the future of global banking. Our teams are creating innovations used across the globe - we're changing the way people bank and how the world does business. Citi's technology team supports business operations in 100+ countries, across multiple lines of business spanning both Institutional and retail businesses. The group works to optimize the IT environment by standardizing production platforms, reducing complexity, and introducing innovative solutions that provide new business capabilities, reduce total cost of ownership, and create a competitive advantage for Citi. Join an environment with a laser focus on growth and progress, and take your career to the next level through the power of Citi's unmatched globality and vast expertise.

Are you interested in growing your career in Cyber Security?

Whether you are an application developer looking to make the switch into the challenging, yet rewarding, world of information security, or you are an elite white-hat hacker, Citi is the place for you. Our team of world class, talented individuals, who are passionate about security, put their skills to the test every day on a global scale. At Citi, you will be exposed to all sorts of technologies on enterprise-scale, so hunger for knowledge and research is greatly appreciated and rewarded.

If your background is enterprise software development with expertise in technologies such as: Java/J2EE (Spring, Struts, AngularJS), .NET (ASP.NET, C#, Webflow, MVC, WebAPI), Web Applications, REST/SOAP APIs/Web Services, Mobile Applications, Thick Clients, Application Infrastructure (Web/Application Servers, Databases, Middleware Components), and exciting new frontiers like Microservices Architecture based applications running on containers/cloud (GCP, AWS, Azure), or Blockchain implementations, then our application penetration testing team is the right place for you!

If your background is penetration testing with expertise in application security such as: hands-on ethical hacking using security tools (BurpSuite, AppScan), knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding application architecture, design and functionalities with an interest in performing security reviews of diverse and challenging applications, then our application penetration testing team is the right place for you!

This team specializes in conducting various types of vulnerability assessments (full end-to-end white-box and/or grey-box testing) on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities. Core responsibilities include:

* Act as a subject matter expert in offensive information security performing dynamic and manual security assessments on applications, networking interfaces, middleware infrastructure, operating systems, databases, and reviewing application source code in search for business logic driven flaws, preferably in Java or .NET.

* Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.

* Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.

* Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

* Must have or be willing to obtain Industry-accredited security certifications such as: GIAC GWAPT, GPEN, OSCP, OSWE, CISSP, GSSP-Java, GSSP-.NET, or other related certifications.


An ideal candidate will have both a development and security background. However, irrespective of your current role, if you have a Master's Degree with a minimum of 3 years of experience or a Bachelor's Degree with a minimum of 5 years of experience, working knowledge of security tools such as BurpSuite Proxy, AppScan, WebInspect, CheckMarx, BlackDuck, Nessus, NMAP, and meet most of the above listed requirements, then don't miss this opportunity to join our growing team of expert ethical hackers. Apply today!

Apply Now


Free eBook

Loader2 Processing ...