Citi Group Senior Cloud SecOps Penetration Testing Lead SVP C14 

United States, District of Columbia, Washington 

437302230

Responsibilities

• Lead end-to-end security assurance activities including Penetration Testing, Vulnerability Assessments (preproduction, post-production) and Purple Team exercises (Red and Blue team collaboration) in order to identify areas of risk and ensure any gaps are documented and remediated
• Understand emerging and existing threats across AWS, GCP, and Azure and assess Citi’s defensive posture against these threats including running atomic tests to ensure controls are working as designed
• Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the Cloud environment
• Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi
• Supplement cloud monitoring and vulnerability assessment tool(s) by adding new capabilities, security checks, and automation to existing workflows
• Identify new requirements/enhancements to standards, tools, and processes
• Partner with Engineering teams to evaluate and recommend new and emerging products and technologies that will bring enhancements to the cloud security program

Qualifications

• 4-5 years' experience with hands-on Penetration Testing

8-10 years' experience working in most of the following areas:

• Proven offensive security-oriented mindset (vulnerability assessments, infrastructure & application pen testing, threat modeling, threat actor emulation)
• Hands-on experience and comprehensive understanding of Cloud security concepts/best practices within each Cloud Service Provider (AWS, GCP, Azure, etc.)
• Strong proficiency with securing containers and container orchestration frameworks (such as Kubernetes – EKS, GKE, OpenShift)
• Deep Understanding of MITRE ATT&CK and attacker TTPs
• Programming/Scripting languages are a plus (especially Python)
• Infrastructure as Code (IaC) experience is a plus (especially Terraform)
• Ability to deliver presentations to senior leaders and peer organizations in both a technical and non-technical manner
• Demonstrated ability to take ownership and follow up on issues
• Demonstrated ability to work in a team and to work well under pressure
• Advanced analytical and problem-solving skills
• Consistently clear and concise written and verbal communication
• Proficient in interpreting and applying policies, standards, and procedures

Education

• Bachelor's Degree or equivalent working experience
• Candidates must possess or be open to pursuing one or more of the following industry-accredited certifications within the 1st year of employment:

Cloud security certifications:Azure Security Engineer Associate, Microsoft 365 Certified Security Administrator Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer, etc.

Container/Kubernetes certifications:CKA, CKAD, CKS, etc.

Other security certifications:OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, etc.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the