This is a senior level professional position responsible for serving as a liaison between Citi Stakeholders and External Penetration Testing vendors to address testing challenges, drive vulnerability discussions with Citi Stakeholders, drive operational health of the penetration testing vendors along with their adherence to Citi procedures, analyze vulnerability trends to better improve the root cause model of existing testing mechanisms and maintain the overall security hygiene for the organization. This role will also require the candidate to manage the end-to-end Vulnerability Disclosure Process for Citi that would involve onboarding applications with vendors, triaging and driving lessons learned as part of the public disclosure and Private Bug Bounty program. The overall objective of this role is to ensure the execution of Information Security directives and activities is in alignment with Citi's data security policy.

Responsibilities:

• Be the central liaison between Citi stakeholders and the external penetration testing vendor, acting as a collaborator to ensure smooth execution of the end-to-end engagement.

• Manage the end-to-end process of Vulnerability Disclosure activities that involves onboarding applications, triaging, retesting and identifying lessons learned from the vulnerabilities reported through this channel.

• Knowledge of OWASP Top 10 and SANS top 25

• Perform Yearly Quality Checks on the vendors to ensure adherence to technical and process quality.

• Act as an application security subject matter expert to assist both Citi stakeholders and third-party vendors during vulnerability risk discussions.

• Focus and drive quality as it relates to the information submitted by the businesses who are requesting Penetration testing services and ensuring that the provided information is accurate and complete.

• Focus on maintaining a high level of operational oversight with all vendors and ongoing penetration testing activities in order to ensure that engagements are progressing forward with the right level of attention.

• Have strong communication skills in order to effectively communicate expectations and resolve challenges.

• Have strong technical writing and presentation skills to articulate the penetration testing process end-to-end to any audience.

• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions to existing processes.

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citibank, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• Minimum of 5 years of relevant experience in Information Security and/or relevant Technology role.

• Advanced proficiency with Microsoft Office tools and software

• Consistently demonstrates clear and concise written and verbal communication

• Proven influencing and relationship management skills

• Proven analytical skills

Plus:

• Familiarity or hands-on experience in application security testing

• Basic understanding of Web/ Mobile / API security and relevant testing tools

• Relevant Certifications is a plus not a requirement: GPEN, GWAPT, GMOB, GWEB

Education:

• Bachelor’s degree/University degree or equivalent experience

• Master’s degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

#LI-Hybrid

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.