Expoint - all jobs in one place

The place where the best experts and companies meet


Citi Group Application Security Lead Analyst VP C13 
United States, Florida, Jacksonville 
520220316


Responsibilities

  • Perform analysis and execution of scans for Software Composition Analysis findings and mobile scanning vulnerabilities
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts
  • Perform, review and validate automated testing results related to application security, while prioritizing actions that resolve issues based on overall risk
  • Perform manual source code review for security vulnerabilities
  • Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
  • Identify opportunities to automate and standardize information security controls for the supported groups
  • Work closely with engineering teams to ensure proper scan coverage and effective results
  • Collaborate with application teams to ensure that any identified security vulnerabilities are remediated in a timely manner
  • Research and explore new testing tools and methodologies
  • Act as a mentor to the junior team members
  • Actively participate in research and knowledge-sharing discussions with the broader Vulnerability Assessments organization
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions

Qualifications

  • 6+ years' experience in Web Development, Source Code Review, and/or Application Security Testing in alignment with the additional requirements listed below
  • Basic understanding of application security and associated vulnerabilities
  • Enterprise Application Development background in Java/J2EE, C#, .NET
  • Hands-on development experience with modern JavaScript frameworks, Python, JSON, and Lambda
  • Firm understanding of the full SDLC including unit testing and code scanning
  • Experience using ALM and CI/CD tools like Bitbucket, GitHub, Jenkins, UDeploy, BMC RLM, Tekton or related tools within the Agile methodology
  • Familiarity with static analysis (source code review) and application pen-testing techniques
  • Any experience using commercial enterprise automated security testing tools like Checkmarx, Snyk, AppScan Source, Fortify, Veracode, BlackDuck, Sonatype, Contrast, Seeker, NowSecure is a big plus
  • Knowledge of mobile platforms and languages including Android, Kotlin, Objective-C, Swift is a plus
  • Experience using or testing Cloud platforms (AWS, Google, Azure, etc.) is a plus
  • Proven influencing and relationship management skills
  • Consistently demonstrates clear and concise written and verbal communication

Education

  • Bachelor’s degree in Information Technology, Computer Science, Software Engineering, related field, or equivalent experience
  • Industry relevant certifications like CISSP, CSSLP, GIAC, CEH, or willingness to obtain within first year of employment
  • Master’s degree is a plus

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Full time
Jacksonville Florida United States
$113,840.00 - $170,760.00



Anticipated Posting Close Date: Mar 12, 2025
