Application Security Analyst - C12 - (AVP)

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. We manage information security as an end-to-end program - one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.

CISO #Information Security #Security Engineer

Application Security Analyst

The Application Security Analyst provide application security services to Citi businesses early in the Software Development Life Cycle (SDLC). Candidates perform penetration testing, source code review for the development organizations and collaborate with teams to ensure proper remediation.

Responsibilities:

• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Perform application security testing on various types of applications such as Web, API's, Thick Client's, Mobile, etc., inclusive of the supporting infrastructure components.
• Leverage application artifacts such as business requirements, user stories, design documents, architecture documents to understand the testing scope and create targeted security user stories or misuse cases.
• Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
• Identify opportunities for process improvements and automation.
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
• Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.

Qualifications:

• 5-8 years of relevant experience
• Consistently demonstrates clear and concise written and verbal communication
• Proven influencing and relationship management skills
• Proven analytical skills
• An ideal candidate will have both a development and security background. However, irrespective of your current role, if you have a Bachelor's or Master's Degree with Java Development experience or knowledge of security tools such as Burp Suite, Checkmarx, Blackduck, and meet most of the above listed requirements, then don't miss this opportunity to join our growing team of expert ethical hackers.

Education:

• Bachelor's degree/University degree or equivalent experience

Job Family Group:
Technology

Job Family:
Information Security

Time Type:
Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.