Senior Application Penetration Testing Engineer, Offensive Security (C13)
Company: Careerbuilder-US
Location: Cedar Hill
Posted on: January 17, 2023
Job Description:
About Citi:Citi, the leading global bank, has approximately 200
million customer accounts and does business in more than 160
countries and jurisdictions. Citi provides consumers, corporations,
governments, and institutions with a broad range of financial
products and services, including consumer banking and credit,
corporate and investment banking, securities brokerage, transaction
services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that
is systemically responsible and in our clients' best interests. As
a financial institution that touches every region of the world and
every sector that shapes your daily life, our Enterprise Operations
& Technology teams are charged with a mission that rivals any large
tech company. Our technology solutions are the foundations of
everything we do from keeping the bank safe, managing global
resources, and providing the technical tools our workers need to be
successful to designing our digital architecture and ensuring our
platforms provide a first-class customer experience. We reimagine
client and partner experiences to deliver excellence through
secure, reliable, and efficient services.Our commitment to
diversity includes a workforce that represents the clients we serve
from all walks of life, backgrounds, and origins. We foster an
environment where the best people want to work. We value and demand
respect for others, promote individuals based on merit, and ensure
opportunities for personal development are widely available to all.
Ideal candidates are innovators with well-rounded backgrounds who
bring their authentic selves to work and complement our culture of
delivering results with pride. If you are a problem solver who
seeks passion in your work, come join us. We'll enable growth and
progress together.Message from the Team:The Citi Vulnerability
Assessments team is looking for talented individuals who are
interested and passionate about application security to join our
team. The responsibility of keeping customers information private
and secure is our utmost priority. If you are a developer looking
to make the switch to Cyber Security or looking to expand your
skills, come join the Citi Vulnerability as a member of our world
class offensive security team. -The Role:The Senior Application
Penetration Tester is a senior level role responsible for driving
efforts to prevent, monitor and respond to information/data
breaches and cyber-attacks. The overall objective of this role is
to ensure the execution of Information Security directives and
activities in alignment with Citi's data security policy.This role
will help ensure that Citi Applications are designed and
implemented with a security first approach. -You will have the
opportunity to test your penetration testing skills against a
variety of application technologies.The ideal candidate will have
both a development and security background. Regardless, if you have
a Bachelor's Degree with a minimum of 5 years of experience and
meet most of the below listed requirements, then please apply to
join our growing team of expert ethical hackers. We hope to have
the chance to meet with you soon!Responsibilities:
- Identify opportunities to automate and standardize information
security controls and for the supported groups
- Utilize ethical hacking using tools such as: BurpSuite, AppScan
with knowledge of OWASP Top 10, CEW/SANS Top 25
- Perform vulnerability assessments (full end-to-end, grey-box
testing) on a variety of Citi applications (Web, Mobile, Thick
Client, and APIs) by manually identifying, researching, validating,
and exploiting various known and unknown application security
vulnerabilities
- Test new technologies like Microservices Architecture based
applications running on containers/cloud (GCP, AWS, Azure), or
Blockchain implementations
- Conduct Threat Modeling
- Reduce risk by analyzing the root cause of issues, their
impact, and required corrective actions
- Resolve any vulnerabilities or issues detected in an
application or infrastructure
- -Act as a subject matter expert in offensive information
security performing dynamic and manual security assessments on
applications, networking interfaces, middleware infrastructure,
operating systems, databases
- Drive remediation by outlining a defense-in-depth approach to
business stakeholders and providing strategic solutions to
developers on effective security controls and counter measures
- Contribute to the review of internal processes and activities
and assist in identifying potential opportunities for improvement
and automation
- Analyze source code to mitigate identified weaknesses and
vulnerabilities within the system
- Review and validate automated testing results and prioritize
actions that resolve issues based on overall risk
- Scan and analyze applications with automated tools, and perform
manual testing if necessary
- Direct the development and delivery of secure solutions by
coordinating with business and technical contacts
- Demonstrate appropriate consideration for the firm's reputation
and safeguarding Citigroup, its clients, and assets by driving
compliance with applicable laws, regulations, and Citi Policy
- Apply sound ethical judgment regarding personal behavior,
conduct and business practices, while escalating, managing and
reporting control issues with transparencyQualifications:
- 6-10 years' relevant experience per the requirements below
- Experience around BurpSuite Proxy, AppScan, WebInspect,
CheckMarx, BlackDuck, Nessus, NMAP or comparable ethical hacking
tools
- Knowledge of OWASP Top 10, CEW/SANS Top 25
- Must have or be willing to obtain Industry-accredited security
certifications such as: GIAC GWAPT, GPEN, OSCP, OSWE, CISSP,
GSSP-Java, GSSP-.NET, or other related certifications
- Advanced proficiency with Microsoft Office tools and
software
- Consistently strong technical writing and presentation skills
to report and articulate the vulnerability assessment results to
any audience
- Proven influencing and relationship management skills
- Proven analytical skillsEducation:
- Bachelor's degree/University degree or equivalent
experience
- Master's degree preferredThis job description provides a
high-level review of the types of work performed. Other job-related
duties may be assigned as required.
-------------------------------------------------Job Family Group:
Technology-------------------------------------------------Job
Family:Information
Security------------------------------------------------------Time
Type:Full
time------------------------------------------------------Primary
Location:Fort Lauderdale Florida United
States------------------------------------------------------Primary
Location Salary Range:$113,530.00 -
$170,290.00------------------------------------------------------Citi
is an equal opportunity and affirmative action employer.Qualified
applicants will receive consideration without regard to their race,
color, religion, sex, sexual orientation, gender identity, national
origin, disability, or status as a protected veteran.Citigroup Inc.
and its subsidiaries ("Citi") invite all qualified interested
applicants to apply for career opportunities. If you are a person
with a disability and need a reasonable accommodation to use our
search tools and/or apply for a career opportunity review View the
"EEO is the Law" poster. View the EEO is the Law Supplement.View
the EEO Policy Statement.View the Pay Transparency
Posting-----------------------------Effective November 1, 2021,
Citi requires that all successful applicants for positions located
in the United States or Puerto Rico be fully vaccinated against
COVID-19 as a condition of employment and provide proof of such
vaccination prior to commencement of employment.
Keywords: Careerbuilder-US, Cedar Hill , Senior Application Penetration Testing Engineer, Offensive Security (C13), Engineering , Cedar Hill, Texas
Didn't find what you're looking for? Search again!
Loading more jobs...