External Penetration Testing - Vendor Lead

Citi

Location:
Singapore, Singapore

Contract Type:
Not provided

Salary:

Not provided

Job Description:

This is a senior level professional position responsible for serving as a liaison between Citi Stakeholders and External Penetration Testing vendors to address testing challenges, drive vulnerability discussions with Citi Stakeholders, drive operational health of the penetration testing vendors along with their adherence to Citi procedures, analyze vulnerability trends to better improve the root cause model of existing testing mechanisms and maintain the overall security hygiene for the organization. This role will also require the candidate to manage the end-to-end Vulnerability Disclosure Process for Citi that would involve onboarding applications with vendors, triaging and driving lessons learned as part of the public disclosure and Private Bug Bounty program. The overall objective of this role is to ensure the execution of Information Security directives and activities is in alignment with Citi's data security policy.

Job Responsibility:

  • Be the central liaison between Citi stakeholders and the external penetration testing vendor, acting as a collaborator to ensure smooth execution of the end-to-end engagement
  • Manage the end-to-end process of Vulnerability Disclosure activities that involves onboarding applications, triaging, retesting and identifying lessons learned from the vulnerabilities reported through this channel
  • Knowledge of OWASP Top 10 and SANS top 25
  • Perform Yearly Quality Checks on the vendors to ensure adherence to technical and process quality
  • Act as an application security subject matter expert to assist both Citi stakeholders and third-party vendors during vulnerability risk discussions
  • Focus and drive quality as it relates to the information submitted by the businesses who are requesting Penetration testing services and ensuring that the provided information is accurate and complete
  • Focus on maintaining a high level of operational oversight with all vendors and ongoing penetration testing activities in order to ensure that engagements are progressing forward with the right level of attention
  • Have strong communication skills in order to effectively communicate expectations and resolve challenges
  • Have strong technical writing and presentation skills to articulate the penetration testing process end-to-end to any audience
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions to existing processes
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citibank, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency

Requirements:

  • Minimum of 5 years of relevant experience in Information Security and/or relevant Technology role
  • Advanced proficiency with Microsoft Office tools and software
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience

Nice to have:

  • Familiarity or hands-on experience in application security testing
  • Basic understanding of Web / Mobile / API security and relevant testing tools
  • Relevant certifications are a plus, not a requirement: GPEN, GWAPT, GMOB, GWEB
  • Master’s degree preferred

Additional Information:

Job Posted:
January 22, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Similar Jobs for External Penetration Testing - Vendor Lead

IT Security Director

The Information Technology Security Director is a hands-on technical leader who w...
Location
United States
Salary:
Not provided
Revel IT
Expiration Date
Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Computer Science, or related field
  • 10+ years of progressive cybersecurity experience with at least 5 years in a leadership role
  • Hands-on experience with Azure Cloud Security, including Sentinel, Defender, Key Vault, and Security Center
  • Proficiency in SIEM, EDR, IDS/IPS, IAM, and cloud-native security solutions
  • Familiarity with NIST, CIS, and ISO frameworks
  • Deep technical expertise in network security, endpoint protection, and cloud identity management
  • Strong communicator with the ability to translate complex technical issues into business language
  • Capable of strategic planning while remaining hands-on in execution
  • Skilled collaborator across technical and non-technical teams
Job Responsibility
  • Plan, design, and maintain a resilient enterprise security architecture for IT systems, applications, and cloud workloads
  • Define technical requirements and manage enterprise-level cybersecurity tools and services
  • Serve as security lead for projects involving data security, data classification, and DLP (Data Loss Prevention)
  • Oversee day-to-day cybersecurity operations, including monitoring, detection, and incident response
  • Lead root-cause analysis and remediation activities for security incidents
  • Create and maintain playbooks, plans and policies for all incident response, disaster recovery, and business continuity
  • Conduct root cause analyses and provide technical remediation and mitigation strategies
  • Maintain on-call availability to support major incident response efforts
  • Document all actions, decisions, and outcomes related to incidents, ensuring lessons learned are applied
  • Lead security operations in Azure, including identity and access management, key management, logging/monitoring, and secure networking
Employment Type:
Fulltime

Asia Cyber Security Operations Lead

Citigroup seeks an experienced, proactive, and innovative Asia Cybersecurity Ope...
Location
Singapore, Singapore
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 15+ years of experience in cybersecurity and financial services
  • Demonstrated leadership experience within security operations or similar functions
  • Proven track record of contributing to and managing security operations and supporting transformative change
  • Strong understanding of the cyber threat landscape, attack vectors, and mitigation strategies
  • Expertise in aspects of Security Operations Centers (SOC), Incident Response, Hunting Operations, Threat Defense, Penetration Testing, Vulnerability Management, Red Team operations, threat intelligence, and cybersecurity models
  • Strong communication, interpersonal, and team collaboration skills, with the ability to operate effectively across diverse regional cultures
  • Ability to work effectively in a fast-paced, high-pressure environment
  • Cybersecurity Leadership: Demonstrated ability to lead and motivate cybersecurity teams, manage projects, and contribute to strategic direction under pressure across multiple functions (SOC, Offensive Security, VM, Fusion Center)
  • Strategic Thinking: Capacity to assist in developing and implementing comprehensive Cybersecurity strategy aligned with business objectives and industry best practices across the JANA and Asia South regions
  • Transformation & Innovation: Experience supporting large-scale cyber and digital transformations, fostering a culture of innovation and continuous improvement
Job Responsibility
  • Contribute to and manage aspects of Cybersecurity Incident Response and Crisis Management within the JANA and Asia South regions
  • Oversee Hunting Operations and Threat Defense initiatives to proactively identify and neutralize threats
  • Lead and manage Penetration Testing, Vulnerability Management, and Red Team activities within the cluster
  • Support Third-party incident response and management processes
  • Assist in Critical Vulnerability response and remediation initiatives
  • Participate in and lead specific Cyber Exercises Program activities
  • Contribute to Cyber Threat Intelligence efforts and analysis
  • Support Cyber Data Analytics and reporting for regional operations
  • Assist in the development and implementation of Cybersecurity risk mitigation programs
  • Proactively support the Global Head in evolving the Cyber Fusion function and other cybersecurity operational capabilities, contributing to the development and implementation of a comprehensive strategy aligned with Citigroup's business enablement & efficiency objectives and security posture within the JANA and Asia South regions
Employment Type:
Fulltime

Chief Information Security Officer

We are seeking an experienced Chief Information Security Officer to lead our inf...
Location
United Kingdom, London
Salary:
Not provided
Sokin
Expiration Date
Until further notice
Requirements
  • 10+ years in information security with 5+ years in senior security leadership roles
  • Experience in regulated financial services (payments, banking, or fintech)
  • Track record of building and leading security teams in scale-up environments
  • Experience with FCA regulation, PCI-DSS compliance, and financial services audits
  • Hands-on experience with security incident response and crisis management
  • Deep knowledge of AWS security services (GuardDuty, Security Hub, WAF, KMS, CloudTrail, Config)
  • Experience with containerised environments (EKS/Kubernetes) and serverless security
  • Strong understanding of network security, zero trust architecture, and micro-segmentation
  • Proficiency with SIEM platforms (Splunk, Datadog Security, or equivalent)
  • Knowledge of application security tools: Wiz, SonarQube, Burp Suite, OWASP ZAP
Job Responsibility
  • Define and execute the enterprise information security strategy aligned with business objectives
  • Establish and maintain the Information Security Management System (ISMS) to support constant certification readiness with PCI DSS, ISO 27001 and SOC2
  • Own security policies, standards, and procedures across the organisation
  • Report to the Board and senior leadership on security posture, risk exposure and programme maturity
  • Manage security budget and resource allocation
  • Lead enterprise security risk assessments and maintain the infosec item on the risk register
  • Ensure compliance with FCA operational resilience requirements and SYSC guidelines
  • Maintain PCI-DSS Level 1 compliance across payment processing infrastructure
  • Oversee GDPR, UK Data Protection Act, and international privacy compliance
  • Manage relationships with external auditors, penetration testers, and regulatory bodies
What we offer
  • Competitive salary and equity participation
  • Hybrid working with flexibility
  • Private healthcare
  • Pension contribution
  • Professional development budget
  • Opportunity to shape security strategy at a high-growth fintech

IT Operations Lead

Mowlam Healthcare is Ireland’s largest independent provider of nursing home care...
Location
Ireland, Limerick City
Salary:
Not provided
Mowlam Healthcare
Expiration Date
Until further notice
Requirements
  • 5-8 years IT administration experience in a technical role
  • Degree in computer science or similar preferred, however industry experience and qualifications may be considered as equivalent
  • In-depth technical knowledge and experience managing M365, Intune, Defender for Endpoint and Azure
  • Expert technical understanding of software and hardware installations, operating systems, spreadsheet applications, and general IT problem solving
  • Excellent understanding and practical experience of system/data backup and restore technologies
  • Good understanding and practical experience of SDWAN and wired and wireless LAN networking technologies
  • Proven technical project management skills, or willingness to develop them
  • Proven budget management skills, or willingness to develop them
  • Experience managing technology vendors to ensure services are delivered in line with contractual requirements and within SLAs
  • Good understanding and awareness of information security principles
Job Responsibility
  • Develop an understanding of company workflows and processes in order to analyse user technology needs effectively to drive continuous improvements of IT processes
  • Assume responsibility for the day-to-day operational management of all IT networks and systems
  • Support, in conjunction with the managed IT provider, staff onboarding and offboarding processes, including the preparation of end user devices, systems access provisioning and general IT and cybersecurity awareness training
  • Provision of end user technical support when required
  • Act as the initial point of escalation for technical issues impacting business operations
  • Oversee, in conjunction with the managed IT provider, the management of the organisation's cloud technologies, including M365 and Azure
  • In collaboration with IT Managed Service Providers, oversee the technical configuration of networks and cloud infrastructure
  • Ensure the alignment of technology management with the organisation's IT and security policies
  • Develop, implement and communicate appropriate IT Standard Operating Procedures across the organisation
  • Oversee the management of IT and network managed service providers to ensure services are delivered in a resilient and secure manner
Employment Type:
Fulltime

Chief Information Security Officer

Location
Egypt, New Cairo
Salary:
Not provided
Ethics HR
Expiration Date
Until further notice
Requirements
  • Bachelor’s/Master’s degree in Information Security, Computer Science, Engineering, or related field from a reputable university
  • 12-15+ years of progressive experience in information security, cybersecurity, or technology risk roles, preferably in banking or financial services
  • Strong knowledge of Central Bank of Egypt cybersecurity frameworks, digital banking guidelines, and financial-sector regulations
  • Deep understanding of security technology, network security, IAM, application security, and SOC operations
  • Experience overseeing incident response, security architecture, and enterprise-wide risk management
  • Professional certifications preferred (CISSP, CISM, CRISC, CCSP or equivalent)
  • Strong knowledge of international standards like ISO 27001/27002 and global best practices for financial data protection
  • Strong leadership, communication, and stakeholder management skills with the ability to influence senior executives and steer enterprise-level decisions
Job Responsibility
  • Define and execute the bank’s enterprise information security strategy in alignment with the business and regulatory requirements
  • Establish security governance frameworks, policies, and standards across all technology and business functions
  • Oversee cybersecurity programs including threat detection, incident response, vulnerability management, and security operations
  • Lead enterprise-wide technology risk management, ensuring effective identification, assessment, and mitigation of risks
  • Ensure full compliance with Central Bank of Egypt cybersecurity mandates, digital banking requirements, and data protection regulations
  • Develop and manage the Cloud Security Architecture (e.g., AWS, Azure) strategy, ensuring secure configuration and compliance for all digital infrastructure
  • Establish Security Metrics and Key Risk Indicators (KRIs) for regular reporting to the Board and Executive Committee, demonstrating the effectiveness of the security program
  • Implement and govern API Security standards and best practices to protect data exchange within the digital ecosystem and external partners
  • Formally manage and sign off on outsourcing security agreements (third-party risk) to meet specific CBE requirements for external service providers
  • Coordinate internal and external audits, penetration tests, and security assessments

Product Security Engineer

Join Airtable as a Product Security Engineer and play a pivotal role in shaping ...
Location
United States, San Francisco; Seattle; New York City; Los Angeles
Salary:
170000.00 - 277000.00 USD / Year
Airtable
Expiration Date
Until further notice
Requirements
  • 2+ years experience in product security and application security
  • Experience shipping production code
  • Skilled at conducting in-depth security reviews and collaborating with engineering teams
  • Proficient in writing clean, maintainable code
  • Hands-on experience with AI product security for LLM-powered products
  • Strong communicator and collaborator, able to drive security initiatives
  • Comfortable making systems as well as breaking them
  • Familiar with JavaScript or TypeScript, Node, Linux, and AWS or comparable technologies
  • Comfortable working in a fast-paced environment and contributing to long-term security strategy
Job Responsibility
  • Partner with product teams to review product plans, designs, and code for security considerations
  • Lead and implement programs that raise the bar for application and product security
  • Build and ship frameworks that make it easy for product engineers to ship secure code
  • Triage and drive remediation for findings from external penetration testers
  • Research emerging threats and evolving best practices, especially in AI and LLM safety
  • Work with advisors and third party vendors on penetration tests, security reports and compliance projects
  • Contribute to roadmaps, metrics and strategic planning for the product security team
What we offer
  • Benefits
  • Restricted stock units
  • Incentive compensation
Employment Type:
Fulltime

Cybersecurity Manager

Location
Egypt, New Cairo
Salary:
Not provided
Ethics HR
Expiration Date
Until further notice
Requirements
  • Bachelor’s/Master’s degree in Cybersecurity, Information Technology, Computer Science, or related field from a reputable university
  • Minimum 8 years of experience in cybersecurity, including 3 years in a managerial or leadership role
  • Deep understanding of cybersecurity frameworks (NIST, ISO 27001, CIS Controls, PCI DSS, PCI PIN Security), threat management, and regulatory requirements
  • Hands-on experience with SIEM, firewalls, IDS/IPS, endpoint protection, and incident response
  • Excellent communication, leadership, and stakeholder management skills
  • Good knowledge of risk assessment methodologies and the secure development lifecycle
Job Responsibility
  • Design, implement, and maintain the bank’s cybersecurity architecture and controls
  • Monitor cyber threats, detect anomalies, and respond to incidents in coordination with IT and security teams
  • Conduct penetration testing and vulnerability assessments in partnership with internal and external teams
  • Lead threat intelligence initiatives and coordinate with regulators on cybersecurity reporting
  • Develop and implement security awareness programs for staff and leadership
  • Collaborate with IT, business, and vendor teams to ensure secure deployment of digital banking services
  • Maintain cybersecurity documentation, policies, and standards

Head of Security

As our Head of Security, you’ll play a critical role in protecting the trust our...
Location
Australia, Sydney
Salary:
Not provided
Prezzee
Expiration Date
Until further notice
Requirements
  • A degree in Computer Science, Software Engineering, or a related discipline
  • 5+ years’ experience in a senior cyber security role, ideally within a systems development or technology-led environment
  • Strong understanding of AWS technologies and modern cloud architecture models
  • Proven experience delivering strategic security programs, including policy development, risk management, BCP/DR testing, third-party risk, and end-user device security
  • Hands-on experience triaging, investigating, and resolving security and operational incidents within SLAs
  • Deep knowledge of modern cyber security principles, threat landscapes, threat intelligence, and remediation techniques
  • Experience coordinating outcomes across internal teams, external vendors, auditors, and security partners
  • A collaborative, business-minded approach with the confidence to influence at leadership level
Job Responsibility
  • Lead Our Security Strategy: Own and deliver a clear, ongoing security roadmap aligned to Prezzee’s risk appetite, business priorities, and growth plans
  • Continuously uplift our administrative, technical, and procedural security posture across the business
  • Stay ahead of emerging threats and evolving standards, ensuring Prezzee remains proactive rather than reactive
  • Build a Security-First Culture: Act as the Security Champion across all teams and locations, embedding security awareness into how we work every day
  • Partner closely with engineering, product, IT, and the wider business to ensure security is at the forefront of design
  • Manage and mentor a small, high-performing security team, driving engagement and alignment with Prezzee’s purpose
  • Governance, Risk & Compliance: Maintain and expand compliance with frameworks and certifications including PCI, ISO:27001, Cyber Essentials+, ISO:42001 and others as required
  • Chair and manage the ISMS Committee, ensuring stakeholders have clear visibility of risks, controls, and progress
  • Lead third-party and vendor security due diligence across tools, partners, and workplace technology
  • Operational Security & Incident Management: Oversee vulnerability management, penetration testing outcomes, and remediation within agreed SLAs
What we offer
  • Prezzeeversary Leave – Extra day of annual leave for each year you’re with us
  • BirthYay Leave – Celebrate you with a paid day off during your birthday month
  • Novated Car Leasing – A tax-smart way to bundle and pay for your car and running costs
  • ClassPass Membership – Fully covered monthly credits for fitness, wellness, and beauty
  • Office Allowance – One-time payment to upgrade your office setup
  • Flexible Work Perks – Flex your hours, take Culture Swap Days, and work from anywhere for 30 days a year
  • Prezzee Staff Discounts – Exclusive deals on Prezzee gift cards – just for being part of the team
  • Wellbeing Support – Access to mental, social, financial, and physical wellbeing support via Telus
  • Learning & Development – Grow your career with LinkedIn Learning, job shadowing, industry programs, and our Lunch & Learn sessions
  • Employee Resource Groups – Be an advocate or ally and foster belonging through groups like EmpowHer and Pride
Employment Type:
Fulltime