Irving, Texas, Fort Lauderdale, Florida
The Info Sec Tech Lead Analyst is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
As a member of the Early Application Vulnerability Detection team, your duties include interfacing with development organizations to onboard applications to our automated security testing platform and performing secure code review assessments using commercial static analysis tools like Checkmarx, AppScan, and Fortify. The team works in partnership with Global Information Security to roll out the Secure-SDLC across the Citi enterprise. The majority of the team has achieved industry standard security certifications (CISSP, CSSLP, CEH, GIAC, OSCP, etc.) over time and we are looking for motivated individuals eager to learn.
- Validate automated testing results and prioritize them based on overall risk
- Verify findings and share security knowledge with application development teams
- Perform application security tests using binary analysis
- Perform manual source code review for security vulnerabilities
- Write a formal security assessment report for each application, using our company's standard reporting format
- Lead individual projects and initiatives that involve other team members or organizations
- Participate in conference calls with the engineering team to ensure proper scan coverage and effective results
- Participate in conference calls with the application team to help them understand the security risk, if required
- Act as a mentor to the junior team members
- Research and explore new testing tools and methodologies
- Actively participate in research and knowledge sharing discussions with the broader Vulnerability Assessments organization
- Act as an application security evangelist for the broader Citi enterprise
- Relevant DevSecOps experience desired with knowledge of integrating CI/CD security testing into an Agile development environment. Experience with automation tooling and container and cloud environments is highly preferred. Will need to work with developer teams to help transition them to a Security Champion model and advise on remediation of findings.
- Bachelor's Degree with 6+ years' experience in web development, application code review, or security testing
- Comprehensive understanding of security, web-based and infrastructure vulnerabilities is required
- Understanding and debugging application build/compilation related errors. Experience with Java IDEs
- Knowledge of web servers, application servers, build tools, etc.
- Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience
- Development knowledge of Java and/or .NET in an enterprise environment
- Understanding of Cloud architecture and IaaS, specifically the AWS platform, with knowledge of IAM, S3, EC2, Lambdas, and DynamoDB, and testing experience with Terraform Compliance and TerraScan. Additional knowledge of GCP would be beneficial.
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management
Considered a plus
- Master’s Degree in related technology field i.e. Computer Science, Engineering, and Info Systems
- Related security certification (CISSP, CSSLP, CEH, OSCP, GIAC)
- Experience using Checkmarx, AppScan Source, Fortify, Veracode, Sonatype or Blackduck platforms.
- Familiarity with mobile platforms and languages including Java for Android, Objective-C, Swift, and Kotlin.
- Experience with Agile SDLC environments and previous exposure to Static and/or Dynamic Application Security Testing tools
- Bachelor’s degree/University degree or equivalent experience
- Master’s degree preferred
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
- Grade: All Job Level - All Job Functions - US
- Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.