Red Team Junior Analyst

• Support Citi's Red, Blue, and Purple Teams during the execution of offensive security assessment operations
• Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations
• Identify opportunities to automate and standardize information security controls
• Resolve any vulnerabilities or issues detected in an application or infrastructure
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
• Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
• Scan and analyze applications with automated tools, and perform manual testing if necessary
• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
• Assist the development and delivery of secure solutions by coordinating with business and technical contacts
• Leveraging the MITRE ATT&CK Framework
• Helping with Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
• Proficiencies with Social Engineering Campaigns - phishing, vishing, smishing etc
• Understanding with OS Security: Unix/Linux, Windows, OSX
• Assist in assessing risk when making business decisions
• Demonstrate consideration for the firm's reputation and safeguarding Citigroup, its clients and assets

• 2+ years' experience or equivalent knowledge and exposure with Network Penetration Testing or Infrastructure pen testing
• Familiarity with industry Adversary Emulation Frameworks like PTES, CBEST, iCAST, GFMA
• Understanding of the OSI model
• Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various systems
• Familiarity with Red Team testing tools: Cobalt Strike, Red Team Toolkit
• Familiarity with Vulnerability Assessment tools: Nessus, Qualys, etc.
• Familiarity with Exploitation frameworks: Metasploit, CANVAS, Core Impact
• Familiarity with OS Security: Unix/Linux
• Understanding of common protocols: HTTP, LDAP, SMTP, DNS
• Some Web development and programming experience: Python, Perl, Ruby, Java, .Net etc.
• Bachelor's degree/University degree or equivalent experience

Industry-accredited security certifications (e.g. PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP)

• Medical, dental & vision coverage
• 401(k)
• Life, accident, and disability insurance
• Wellness programs
• Paid time off packages including vacation, sick leave, and paid holidays
• Discretionary and formulaic incentive and retention awards