Primary Location: United States, New Jersey, Warren
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: No
Job ID: 18062384
The scope of the Application Vulnerability Assessment (AVA) process is comprised of all Citi business functions, subsidiaries, managed facilities, critical infrastructure components as well as service provider arrangements that include Citi branded and co-branded applications.
Candidates for this position must have a strong understanding of ethical hacking methodologies, frameworks, and industry resources, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE, among others, in order to be able to maintain, improve, and benchmark the Citi Vulnerability Assessment process, allowing it to remain a world-class service. Process engineering and documentation are key. Areas of focus are mobile security testing on the various platforms, threat modeling, source code review, and application/infrastructure penetration testing in general.
Other key duties include providing application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures.
Pre-requisites for this position are a Bachelor's Degree with 3 to 7 years of experience in web development using programming languages such as Java or .NET. An expert level understanding of security, web-based, mobile and infrastructure vulnerabilities is required.
Experience conducting one or more of the following functions:
1) Application Vulnerability Assessments
2) Source code review, preferably in Java and .NET languages, using tools such as AppScan, HP Fortify or Checkmarx
3) Application architecture reviews or threat modeling and knowledge of common attack patterns or exploitation techniques
Articulating security issues to technical and non-technical audiences is also required. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
- Pre-requisites for this position are a Bachelor's Degree with 3 - 7 years' experience in security testing with good understanding of enterprise web development using programming languages such as Java or .NET.
- A good understanding of security vulnerabilities of web-based, mobile and desktop applications is required.
- Experience in applications security, cryptography, network security, systems security or reverse engineering.
- Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences is a plus.
- Industry-accredited security certifications will be required. The candidate must have or be willing to obtain all of the following certifications: CISSP, CEH and GIAC.
- In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.