Citi Group Senior Cloud SecOps - EMEA Lead 

Hungary 

257985056

What you will do:

• Lead end-to-end security assurance activities including Penetration Testing,Vulnerability Assessments (preproduction, post-production) and Purple Team exercises (Red and Blue team collaboration) in order to identify areas of risk and ensure any gaps are documented and remediated.
• Conduct white box and gray box penetration testing for Cloud systems leveraging technologies like Kubernetes, Docker, and serverless computing.
• Collaborate with security teams (e.g. Threat Modeling and Detection, Identity, Cybersecurity Engineering, etc.) to implement practical security measures on Cloud platforms like AWS Lambda, Azure App Service, and Google Cloud Functions, in alignment to industry standards.
• Stay abreast on the latest threats and security advancements in Cloud computing technologies like VPCs, IAM, and encryption to refine and further optimize white box and gray box penetration testing strategy.
• Understand emerging and existing threats across AWS, GCP, and Azure and assess Citi’s defensive posture against these threats including running atomic tests to ensure controls are working as designed.
• Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the Cloud environment.
• Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are utilized by developers across all sectors in Citi.
• Supplement Cloud monitoring and vulnerability assessment tool(s) by adding new capabilities, security checks, and automation to existing workflows.
• Identify new requirements/enhancements to standards, tools, and processes.
• Partner with Engineering teams to evaluate and recommend new and emerging products and technologies that will bring enhancements to the overall Cloud security program as needed.

Your profile:

• 8+ years' experience working in offensive security-oriented roles with 4+ years' experience with hands-on Penetration Testing.
• Bachelor's Degree or equivalent working experience.
• Hands-on white box and gray box penetration testing of AWS, Azure, and Google Cloud Platform infrastructure.
• Proven experience with Cloud security concepts/best practices within each Cloud Service Provider (e.g., AWS, GCP, Azure/M365).
• Strong proficiency with securing containers and container orchestration frameworks (such as Kubernetes – EKS, GKE, OpenShift).
• Deep Understanding of MITRE ATT&CK and attacker TTPs.
• Programming/Scripting languages are a plus (especially Python).
• Infrastructure as Code (IaC) experience is a plus (especially Terraform).
• Ability to deliver presentations to senior leaders and peer organizations in both a technical and non-technical manner.
• Demonstrated ability to take ownership and follow up on issues.
• Advanced analytical and problem-solving skills.
• Consistently clear and concise written and verbal communication.
• Proficient in interpreting and applying policies, standards, and procedures.
• Fluent English.

Candidates must possess or be open to pursuing one or more of the following industry-accredited certifications within the 1st year of employment:

• Cloud security certifications: Azure Security Engineer Associate, Microsoft 365 Certified Security Administrator Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer, etc.
• Container/Kubernetes certifications: CKA, CKAD, CKS, etc.
• Other security certifications: OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, etc.

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program
• Home Office Allowance (for colleagues working in hybrid work models)
• Paid Parental Leave Program (maternity and paternity leave)
• Private Medical Care Program and onsite medical rooms at our offices
• Pension Plan Contribution to voluntary pension fund
• Group Life Insurance
• Employee Assistance Program
• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
• Flexible work arrangements to support you in managing work - life balance
• Career progression opportunities across geographies and business lines
• Socially active employee communities with diverse networking opportunities

Time Type:

View the " " poster. View the .

View the .

View the