Citigroup Inc.
The Chief Information Security Office (CISO) leads information security as one end-to-end program, with a mandate and responsibility to safeguard Citi’s clients, revenue, employees, and proprietary data. The program is anchored to modern control and architectural frameworks and integrated across the firm’s sectors and functions.
Responsibilities
Support Citi’s Red, Blue, and Purple Teams during offensive security assessment operations. Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations. Identify opportunities to automate and standardize information security controls for the supported groups. Resolve vulnerabilities or issues detected in applications or infrastructure. Analyze source code to mitigate weaknesses and vulnerabilities within the system. Review and validate automated testing results and prioritize actions based on overall risk. Scan and analyze applications with automated tools; perform manual testing when necessary. Reduce risk by analyzing root causes, impact, and required corrective actions. Assist in the development and delivery of secure solutions by coordinating with business and technical contacts. Leverage the MITRE ATT&CK Framework. Assist with vulnerability assessments and penetration testing (application and/or infrastructure) and articulate security issues to technical and non-technical audiences. Apply proficiency in social engineering campaigns (phishing, vishing, smishing, etc.). Demonstrate understanding of OS security across Unix/Linux, Windows, and macOS environments. Assess risk when making business decisions with due regard for the firm’s reputation and assets; escalate, manage, and report control issues with transparency. Qualifications
2+ years’ experience or equivalent knowledge in network penetration testing or infrastructure pen testing. Familiarity with Adversary Emulation Frameworks (e.g., PTES, CBEST, iCAST, GFMA). Understanding of the OSI model and common protocols (HTTP, LDAP, SMTP, DNS). Knowledge of tools and processes used to expose vulnerabilities in various systems. Familiarity with Red Team testing tools (e.g., Cobalt Strike, Red Team Toolkit). Familiarity with vulnerability assessment tools (e.g., Nessus, Qualys). Familiarity with exploitation frameworks (e.g., Metasploit, CANVAS, Core Impact). Experience with OS security in Unix/Linux environments. Some web development and programming experience (e.g., Python, Perl, Ruby, Java, .Net). Education
Bachelor’s degree or equivalent experience. Industry-accredited security certifications are highly preferred but not required (e.g., PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, CISSP). About Citi
Citi, the leading global bank, has approximately 200 million customer accounts and operates in more than 160 countries and jurisdictions. Citi provides a broad range of financial products and services to consumers, corporations, governments, and institutions. Our commitment to diversity includes a workforce that represents the clients we serve from all backgrounds. We foster an environment where the best people want to work, promote based on merit, and provide opportunities for personal development to all. If you are a problem solver who seeks passion in your work, join us. We’ll enable growth and progress together. Equal Opportunity Statement:
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. Accessibility:
If you require a reasonable accommodation to use our tools or apply for a career opportunity, please review Citi’s Accessibility resources. View Citi’s EEO Policy Statement and Know Your Rights poster for more information.
#J-18808-Ljbffr
Support Citi’s Red, Blue, and Purple Teams during offensive security assessment operations. Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations. Identify opportunities to automate and standardize information security controls for the supported groups. Resolve vulnerabilities or issues detected in applications or infrastructure. Analyze source code to mitigate weaknesses and vulnerabilities within the system. Review and validate automated testing results and prioritize actions based on overall risk. Scan and analyze applications with automated tools; perform manual testing when necessary. Reduce risk by analyzing root causes, impact, and required corrective actions. Assist in the development and delivery of secure solutions by coordinating with business and technical contacts. Leverage the MITRE ATT&CK Framework. Assist with vulnerability assessments and penetration testing (application and/or infrastructure) and articulate security issues to technical and non-technical audiences. Apply proficiency in social engineering campaigns (phishing, vishing, smishing, etc.). Demonstrate understanding of OS security across Unix/Linux, Windows, and macOS environments. Assess risk when making business decisions with due regard for the firm’s reputation and assets; escalate, manage, and report control issues with transparency. Qualifications
2+ years’ experience or equivalent knowledge in network penetration testing or infrastructure pen testing. Familiarity with Adversary Emulation Frameworks (e.g., PTES, CBEST, iCAST, GFMA). Understanding of the OSI model and common protocols (HTTP, LDAP, SMTP, DNS). Knowledge of tools and processes used to expose vulnerabilities in various systems. Familiarity with Red Team testing tools (e.g., Cobalt Strike, Red Team Toolkit). Familiarity with vulnerability assessment tools (e.g., Nessus, Qualys). Familiarity with exploitation frameworks (e.g., Metasploit, CANVAS, Core Impact). Experience with OS security in Unix/Linux environments. Some web development and programming experience (e.g., Python, Perl, Ruby, Java, .Net). Education
Bachelor’s degree or equivalent experience. Industry-accredited security certifications are highly preferred but not required (e.g., PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, CISSP). About Citi
Citi, the leading global bank, has approximately 200 million customer accounts and operates in more than 160 countries and jurisdictions. Citi provides a broad range of financial products and services to consumers, corporations, governments, and institutions. Our commitment to diversity includes a workforce that represents the clients we serve from all backgrounds. We foster an environment where the best people want to work, promote based on merit, and provide opportunities for personal development to all. If you are a problem solver who seeks passion in your work, join us. We’ll enable growth and progress together. Equal Opportunity Statement:
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. Accessibility:
If you require a reasonable accommodation to use our tools or apply for a career opportunity, please review Citi’s Accessibility resources. View Citi’s EEO Policy Statement and Know Your Rights poster for more information.
#J-18808-Ljbffr