Citi Group Senior Application Security Analyst 

United States, Texas, Houston 

150879245

Success in the role requires an innovative mind, a proven track record of delivering solutions that meet security needs, integrate application security into our DevOps pipeline, automate security as code and enable successful detection and response to any and all threats in our environment. The individual will work closely with SSDLC program to contribute to defining application security testing standards and policies. Responsibilities include defining testing services and methodologies (be they tool-based and/or manual) in the early SSDLC lifecycle. The primary focus will address testing needs within development organizations striving for continuous deployment and using automated security tooling including SAST, DAST and SCA. Within his/her leadership role, this individual is expected to mentor team members, set direction and lead execution of services as a hand-on participant.

Key Responsibilities:

• The candidate will be responsible for the aspects of the Application Security Program initiatives including but not limited to the following:
• Establish/manage multiple security programs that support the security testing requirements at the bank
• Forging and maintaining strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
• Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy.
• In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
• Appropriately assess risk and provide software security advice when business decisions are made
• Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes

Qualifications

• Experience in key activities within software security group such Threat Modeling / Application Risk Assessment, Vulnerability Assessments, Training, etc.
• Pre-requisites for this position are a Bachelor's Degree with 4 - 6 years' experience in application development or application secure code review

• Experience must include experience as a technical lead or manager
• Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc)
• Experience using or testing cloud platforms (AWS, Google, Azure, etc) and security in/of the cloud is a plus
• Understanding of security, web-based and infrastructure vulnerabilities is required
• Experience in source code management, build and deployment technologies such as RLM, Ueploy, Jenkins, Artifactory, Maven, GitHub, etc
• Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
• Understanding of Checkmarx, AppScan Source, Fortify, Veracode, SonarQube, Snyk, Sonatype or Black Duck platform is a plus.
• Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
• Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
• Demonstrated knowledge of recognized security industry standards and leading practices (e.g., FFIEC, NIST, C2M2, ISO)
• Relevant professional certifications: GIAC, CISA, CISM, CRISC, CISSP or equivalent is desired

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree a plus

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the