Senior Application Security Analyst

Citi

Location:
United States, Irving

Category:
IT - Software Development

Contract Type:
Employment contract

Salary:

125760.00 - 188640.00 USD / Year

Job Description:

Senior Application Security Analyst position in Citi's Chief Information Security Office (CISO) specializing in conducting deep-dive pentesting assessments on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities.

Job Responsibility:

  • Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases
  • Research and identify potential security issues within Citi Applications
  • Demonstrate the impact of any identified vulnerability through the development of proof-of-concept code
  • Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and countermeasures
  • Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation

Requirements:

  • Master’s Degree in Computer Science, Cyber Security or related field with a minimum of 3 years of experience in a penetration testing or application development role
  • Bachelor’s Degree in Computer Science, Cyber Security or related field with a minimum of 5 years of experience in a penetration testing or application development role
  • Strong understanding of a variety of application architectures (Microservices, REST APIs, SOA, MVC), software development methodologies (Agile, DevOps, Waterfall), programming/scripting languages (Java, .NET/C#, C/C++, Python, Ruby), development frameworks (Spring, Struts, AngularJS, NodeJS), and application infrastructure
  • Hands-on knowledge and experience in a subset of the following tools: BurpSuite Proxy, AppScan, WebInspect, CheckMarx, BlackDuck, Snyk, Nessus, NMAP
  • Must have or be willing to obtain industry-accredited security certifications such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP
  • Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25
  • Demonstrated experience in vulnerability discovery, analysis, and exploitation
  • Understand CVEs and be able to reproduce proofs of concept easily
  • Comfortable with manual application penetration testing and threat modeling

Nice to have:

Prior experience with application development and performing manual code review

What we offer:
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages including vacation, sick leave, and paid holidays
  • discretionary and formulaic incentive and retention awards

Additional Information:

Job Posted:
September 09, 2025

Expiration:
October 03, 2025

Employment Type:
Full-time
Work Type:
Hybrid work