https://bayt.page.link/GJXBbDP9mtzVCh9o9
أنشئ تنبيهًا وظيفيًا للوظائف المشابهة

الوصف الوظيفي

Are you interested in growing your career in Cyber Security?


Whether you’re an application developer looking to make the switch into the challenging, yet rewarding, world of information security, or you’re a rock star white-hat hacker, Citi is the place for you. Our team of world class, talented individuals, who are passionate about security, put their skills to the test every day on a global scale. At Citi you’ll be exposed to all sorts of technologies, so hunger for knowledge and research is greatly appreciated and rewarded.


If your background is penetration testing with expertise in application security such as: hands-on ethical hacking using security tools (Burp Suite, AppScan and etc.), knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding application architecture, design and functionalities, then our application penetration testing team is the right place for you!


This team specializes in conducting vulnerability assessments on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by performing automated scan and manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities. Core responsibilities include:


  • Act as a subject matter expert in offensive information security performing grey and black box application reviews, programming, networking, operating systems, and databases.


  • Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.


  • Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.


  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.


  • Must have or be willing to obtain Industry-accredited security certifications such as: GIAC GWAPT, GPEN, OSCP, CISSP


Qualifications:


  • 5-8 years of relevant experience


  • Penetration Testing with expertise in application security.


  • Hands-on experience using security tools (Burp Suite, AppScan, WebInspect, Qualys etc.).


  • Knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, Open Source Reconnaissance.


  • Knowledge of Scripting languages for automation (preferably Python).


  • Knowledge of application architecture, design and functionalities


  • Consistently demonstrates clear and concise written and verbal communication


  • Proven influencing and relationship management skills


  • Proven analytical skills



Education:


  • Bachelor’s degree/University degree or equivalent experience



This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.


------------------------------------------------------


Job Family Group:


Technology

------------------------------------------------------


Job Family:


Information Security

------------------------------------------------------


Time Type:


Full time

------------------------------------------------------


Citi is an equal opportunity and affirmative action employer.


Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.


View the "EEO is the Law" poster. View the EEO is the Law Supplement.


View the EEO Policy Statement.


View the Pay Transparency Posting


لقد تجاوزت الحد الأقصى لعدد التنبيهات الوظيفية المسموح بإضافتها والذي يبلغ 15. يرجى حذف إحدى التنبيهات الوظيفية الحالية لإضافة تنبيه جديد
تم إنشاء تنبيه للوظائف المماثلة بنجاح. يمكنك إدارة التنبيهات عبر الذهاب إلى الإعدادات.
تم إلغاء تفعيل تنبيه الوظائف المماثلة بنجاح. يمكنك إدارة التنبيهات عبر الذهاب إلى الإعدادات.