Application Security Tech Lead

Citi

Location:
United Kingdom, London

Category:
IT - Software Development

Contract Type:
Not provided

Salary:

Not provided

Job Description:

The position is a cross-functional role that will be responsible for various Application Security program initiatives. The successful candidate must be an individual who understands modern software development trends, understands engineering-led software security practices, and keeps up with the evolving cyber security threat landscape. The individual will work closely with the SDLC program to contribute to defining application security testing standards and policies. Responsibilities include defining testing services and methodologies (be they tool-based and/or manual) in the early SSDLC lifecycle. The primary focus will address testing needs within development organizations striving for continuous deployment and using automated security tooling including SAST, DAST, SCA, ASPM, Secrets Scanning, etc.

Job Responsibility:

  • Establish/manage multiple security programs that support the security testing requirements at the bank
  • Forge and maintain strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
  • Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy
  • In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
  • Appropriately assess risk and provide software security advice when business decisions are made
  • Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes

Requirements:

  • Bachelor's Degree with 4 - 6 years' experience in web application development or application code review
  • Experience as a technical lead or manager
  • Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.)
  • Experience using or testing cloud platforms (AWS, Google, Azure, etc.) and security in/of the cloud
  • Understanding of security, web-based and infrastructure vulnerabilities
  • Experience in source code management, build and deployment technologies such as RLM, uDeploy, Jenkins, Artifactory, Maven, GitHub, etc.
  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience
  • Understanding of Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advanced Security, Sonatype or Black Duck platform is a plus
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures
  • Excellent communication skills (written and verbal)
  • Demonstrated knowledge of recognized security industry standards and leading practices (e.g., FFIEC, NIST, C2M2, ISO)
  • Relevant professional certifications: GIAC, CISA, CISM, CRISC, CISSP or equivalent desired
  • Effective strategic planning and execution abilities with exceptional planning, organization
  • Advanced and functional understanding of Security industry operations, technologies and processes

Nice to have:

  • Master’s degree preferred
  • Understanding of Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advanced Security, Sonatype or Black Duck platform
  • Relevant professional certifications: GIAC, CISA, CISM, CRISC, CISSP or equivalent

Additional Information:

Job Posted:
April 30, 2025

Employment Type:
Fulltime
Work Type:
On-site work