Cloud Security Threat Modeler Senior Analyst

Citi

Location:
Poland, Warsaw

Contract Type:
Not provided

Salary:
Not provided

Job Description:

Engineer the future of global finance. At Citi, our Tech team doesn’t just support finance – we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries, operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech.

The Chief Information Security Office (CISO) is home to deeply talented colleagues who work to ensure the safety of Citi's clients, our revenue, our employees and our proprietary data. We manage information security as one end-to-end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Citi is looking for a security-focused person with a good understanding of cybersecurity principles to work in the Cloud Threat Modeling team. Using threat modeling, you will identify threats and specify mitigating controls, which will directly reduce the risk of Citi operating in the public cloud.

Job Responsibility:

  • Perform Threat Modeling using a documented process
  • Development of automation tools as required
  • Maintain a high standard of work in identifying threats and specifying mitigating controls
  • Attending to the lifecycle of identified threats and controls
  • Delivery of threat models and supporting tasks within existing timeframes
  • Provide feedback, support, and improvements to the existing threat modeling process
  • Present work to seniors, the team, and other technical teams

Requirements:

  • 5+ years of experience in a Cybersecurity role
  • Proven experience with Jira or other similar ticketing systems
  • Strong understanding of security best practices related to Authentication, Authorization, Logging/Monitoring, Encryption, Infrastructure Security, and Network Segmentation
  • Experience with scripting languages (e.g., Python, Bash, PowerShell) or Infrastructure as Code tools (e.g., Terraform, CloudFormation)
  • Familiarity with threat modeling methodologies like STRIDE, PASTA, Attack Trees, and the MITRE ATT&CK framework, as well as threat modeling tools (e.g., IriusRisk, ThreatModeler, Microsoft Threat Modeling Tool)
  • Ability to identify vulnerabilities using CWE or OWASP frameworks
  • Working knowledge of Operating Systems (e.g., Windows, Linux) and their hardening best practices
  • Familiarity with Development Concepts such as CI/CD pipelines, and SDLC
  • Working knowledge of Cloud Platforms (e.g., AWS, Azure, GCP)
  • Ability to design and review technical architectures
  • Strong analytical skills, diligence, and attention to detail
  • Excellent skills in creating and maintaining high-quality documentation
  • Demonstrated ability to work effectively with diverse individuals and teams
  • Excellent written and verbal communication skills
  • A passion for continuous learning and staying up-to-date with new technologies and methodologies
  • Proven ability to build relationships across multiple cross-functional teams
  • Bachelor's degree in Computer related field or equivalent work experience

Nice to have:

  • 3+ years experience specifically focused on Threat Modeling
  • Experience with Docker, Kubernetes, Serverless Technologies (e.g., AWS Lambda, Azure Functions, Google Cloud Functions), and Helm
  • Familiarity with Cloud Development Kit (CDK) and GitOps principles
  • Experience supporting or performing Penetration Testing activities (e.g., vulnerability scanning, network penetration testing, web application testing, mobile application testing)
  • Experience with Snowflake, MongoDB, Terraform Cloud, GitHub, or Databricks
  • Experience working in a regulated environment (e.g., financial services)
  • Ability to think like an attacker and anticipate potential threats
  • Cloud Certifications (Foundational or Practitioner Level): AWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Associate, Google Cloud Certified Professional Cloud Architect, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Administrator Associate, CompTIA Cloud+
  • Cybersecurity Certifications (Foundational Level): CompTIA Security+, (ISC)² Certified in Cybersecurity, GIAC Security Essentials Certification (GSEC), ISACA CSX Cybersecurity Fundamentals Certificate

What we offer:

  • Private Medical Care Program
  • Life Insurance Program
  • Pension Plan contribution (PPE Program)
  • Employee Assistance Program
  • Paid Parental Leave Program (maternity and paternity leave)
  • Sport Card
  • Holidays Allowance
  • Sport and team recreation activities
  • Special offers and discounts for employees
  • Access to an array of learning and development resources
  • A discretionary annual performance-related bonus
  • A chance to make a difference with various affinity networks and charity initiatives

Additional Information:

Job Posted:
December 31, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Cloud Security Threat Modeler Senior Analyst

Cloud Security Senior Analyst

The Cloud Security Operations team works in a multi-disciplinary team of teams d...
Location:
Hungary, Budapest
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 5+ years of experience in a similar, offensive security related role
  • Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, penetration testing, etc.)
  • Hands-on experience with cloud platforms (GCP, AWS)
  • Excellent understanding of cloud security concepts/best practices in various cloud Service Providers (for example: Azure/M365)
  • Familiarity with the current threat landscape which GCP exists in
  • Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)
  • Programming/scripting languages a plus (Python and PowerShell preferred, but not required)
  • Ability to deliver presentations to technical and non-technical individuals
  • Fluency in English
  • Bachelor's Degree or equivalent working experience
Job Responsibility:
  • Full end to end security assurance activities in GCP including Vulnerability Assessments (preproduction, post-production), Purple Team exercises (Red and Blue team collaboration) to identify areas of risk and ensure any gaps are documented and remediated
  • Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the cloud environment
  • Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi
What we offer:
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work-life balance
  • Career progression opportunities across geographies and business lines
Employment Type:
Fulltime

Cyber Architect - Info Security Tech Senior Analyst

The Cyber Architect - Info Security Tech Senior Analyst is an intermediate level...
Location:
Hungary, Budapest
Salary:
12211560.00 - 20474640.00 Ft / Month
Citi
Expiration Date:
Until further notice
Requirements:
  • 5-8 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)
  • Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
  • Strong knowledge of security for applications related to authentication / authorization, data protection, session management, data validation, and end point protections
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility:
  • Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud
  • Determine the security controls for the above, document them appropriately and partner with IT architecture/development stakeholders to implement them early in the system development life cycle
  • Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with the organization's security architecture principles
  • Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert
  • Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify significant IS threats and vulnerabilities
What we offer:
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work-life balance
  • Career progression opportunities across geographies and business lines
Employment Type:
Fulltime

Senior Information Security Analyst - Application Security Champion

Wells Fargo is seeking a Senior Information Security Engineer.
Location:
India, Bengaluru
Salary:
Not provided
Wells Fargo
Expiration Date:
March 29, 2026
Requirements:
  • 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 4+ years of Application Security Champion experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 4+ years of overall Information/Cyber security experience with a bachelor's degree or higher in Engineering or Computer or Information technology
  • 2+ years of experience in at least one of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements
  • Knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams
  • Ability to manage multiple priorities in a fast-paced dynamic environment
  • Advanced problem-solving skills, ability to develop effective long-term solutions to problems
  • Excellent verbal and written communication skills
  • Excellent inter-personal skills contributing to cordial team environment
  • Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies
Job Responsibility:
  • Lead or participate in computer security incident response activities for moderately complex events
  • Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
  • Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
  • Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
  • Review and correlate security logs
  • Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  • Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
  • Reviewing security requirements and security design submissions by application teams. Submissions will either be approved or rejected based on evaluation and comparison to systems of record
  • Provide information security consultation to improve awareness and compliance with Enterprise Application Security Program (EASP) policy, processes, and standards
Employment Type:
Fulltime

Senior Consultant - Proactive Services

As a Senior Consultant in Unit 42 you will have the opportunity to work across a...
Location:
Singapore, Singapore
Salary:
Not provided
Palo Alto Networks Italia
Expiration Date:
Until further notice
Requirements:
  • 3+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management
  • Demonstrated success with serving large, multinational organisations in designing and implementing an organisation’s security operations program
  • Possess deep technical knowledge of Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next Gen Firewalls, Threat Intelligence and Hunting platforms
  • Experience in security operations design, engineering and/or analysis and investigations, ideally in complex environments
  • Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations
  • Demonstrated experience in improving an organisation's security operations capabilities
  • Experience in conducting threat hunting and/or compromise assessments
  • Relevant industry certifications including GIAC Defensible Security Architect (GDSA), GIAC Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), CISSP
  • Understanding of cyber risk frameworks or industry standards such as 800-53, ISO 27001/2, PCI, CIS 18, CMMC
  • 3+ years of experience performing cloud security advisement and risk assessments
Job Responsibility:
  • Work across a number of proactive cyber security domains including Cloud Security, Security Operations, Cyber Risk Management and Artificial Intelligence in cyber security
  • Deliver the best consulting outcomes for clients, as they work to address the challenges associated with today’s cyber threat landscape
Employment Type:
Fulltime

Product Security Engineer - AI

At Crusoe, the AI Security Engineer is central to ensuring the safety, integrity...
Location:
United States, San Francisco
Salary:
135000.00 - 150000.00 USD / Year
Crusoe
Expiration Date:
Until further notice
Requirements:
  • 3+ years of professional experience building and maintaining production systems
  • Strong Python programming skills and experience across the stack (backend/frontend)
  • Deep expertise in advanced Generative AI techniques, including implementing Retrieval-Augmented Generation (RAG), designing AI Agents and Multi-step Cognitive Processes (MCP), and building with workflow orchestration frameworks
  • Proven ability to own the entire model lifecycle by designing and managing robust MLOps pipelines
  • Experience with containerization (Docker), virtualization (VMs), and cloud platforms (AWS, GCP, Azure) is a plus
  • Experience in designing, implementing, and fine-tuning custom LLMs
  • Strong understanding of NLP fundamentals, transformer architectures, PyTorch/TensorFlow, and data structures
  • Strong curiosity about security, privacy, and threat modeling
  • Strong product sense for rapid iteration and refinement based on data
  • Collaborative mindset to work closely with engineers, product managers, and security analysts in a fast-paced environment
Job Responsibility:
  • Act as the technical leader and SME on the practical security of our AI and LLM ecosystem
  • Define the long-term technical roadmap for AI security architecture and drive high-impact cross-functional initiatives
  • Lead the design and implementation of highly secure Generative AI solutions for security applications, focusing on architectural patterns like Retrieval-Augmented Generation (RAG)
  • Architect and implement custom, AI-powered security tooling that automates threat detection, vulnerability analysis, and data access control
  • Establish governance and processes for secure MLOps pipelines
  • Define standards for model versioning, deployment, and monitoring
  • Lead threat modeling exercises for novel AI systems
  • Apply advanced security and privacy best practices
  • Mentor senior engineers on secure development practices in the GenAI domain
  • Drive the entire lifecycle of critical AI security projects
What we offer:
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Tuition reimbursement
Employment Type:
Fulltime

Threat Intelligence Analyst

Threat Intelligence Analyst - initial 3-6 month contract. We're seeking a highly...
Location:
United Kingdom, Portsmouth or London
Salary:
Not provided
TRIA
Expiration Date:
Until further notice
Requirements:
  • 5+ years' experience in Threat Intelligence, SOC or Incident Response
  • Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis
  • Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar
  • Strong experience with Microsoft security tooling, ideally Sentinel and Defender
  • Proficiency in KQL and working knowledge of Python for automation and enrichment
  • Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)
  • Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats
  • Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teams
Job Responsibility:
  • Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns
  • Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector-specific threat frameworks
  • Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)
  • Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams
  • Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts
  • Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board-level risk narratives
  • Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value
  • Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooks
Employment Type:
Fulltime

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location:
United States, San Francisco
Salary:
160000.00 - 220000.00 USD / Year
Zip
Expiration Date:
Until further notice
Requirements:
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility:
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer:
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
Employment Type:
Fulltime

Senior Applied AI Scientist

Microsoft Sentinel Platform NEXT R&D labs is the strategic incubation engine beh...
Location:
United States, Multiple Locations
Salary:
119800.00 - 234700.00 USD / Year
Microsoft Corporation
Expiration Date:
Until further notice
Requirements:
  • Bachelor's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 4+ years related experience (e.g., statistics, predictive analytics, research) OR Master's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 3+ years related experience (e.g., statistics, predictive analytics, research) OR Doctorate in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 1+ year(s) related experience (e.g., statistics, predictive analytics, research) OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements for this role
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
  • Master's Degree in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 6+ years related experience (e.g., statistics, predictive analytics, research) OR Doctorate in Statistics, Econometrics, Computer Science, Electrical or Computer Engineering, or related field AND 3+ years related experience (e.g., statistics, predictive analytics, research) OR equivalent experience
  • 3+ years working with Machine Learning (ML)/Artificial Intelligence (AI) systems (e.g., Large Language Models (LLM/LRM)/Generative AI (GenAI), retrieval/Retrieval-Augmented Generation (RAG), model serving, experimentation platforms, data pipelines) including establishing evaluation metrics and improving model quality
  • Demonstrated success driving zero-to-one (0→1) initiatives
  • ML background and hands-on experience
  • Experience with ML lifecycle: model training, fine-tuning, evaluation, continuous monitoring, and more
  • Coding ability in one or more languages (e.g., Python, C#, C++, Rust, JavaScript/TypeScript)
  • Familiarity and previous work in the field of cybersecurity (e.g., threat detection/response, SIEM/SOAR, identity, endpoint, cloud security) and familiarity with analyst workflows
Job Responsibility:
  • AI/ML Research: design, development, and analysis of novel AI and machine learning models and algorithms for security and enterprise-scale applications
  • Innovate Across Domains: Explore and apply a broad spectrum of AI/ML techniques, including deep learning, Bayesian probabilistic modeling, classical ML, generative models, and hybrid approaches
  • Experimentation & Evaluation: Design and execute experiments, simulations, and evaluations to validate models and system performance, ensuring measurable improvements
  • Collaboration: Partner with engineering, product, and research teams to translate scientific advances into robust, scalable, and production-ready solutions
  • Customer Impact: Engage with enterprise customers and field teams to co-design solutions, gather feedback, and iterate quickly based on real-world telemetry and outcomes
Employment Type:
Fulltime