Citi Group Senior Infrastructure Penetration Tester VP C13 

United States, Florida, Tampa 

914123252

Responsibilities

• Provide VulnerabilityAssessment/PenetrationTesting services to Citi businesses globally through a comprehensive testing process
• Participate in special projects ranging from rush testing of critical components to architecture reviews with sister teams to “shift-left“
• Serve as an SME for Infrastructure Penetration Testing in cross-functional efforts/projects
• Participate in the enhancement of testing processes and methodologies
• Identify weaknesses and vulnerabilities within the system, exploit them and propose countermeasures
• Validation of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
• Scan systems and applications, leverage initial results to build a subsequent attack methodology and execute effectively
• Report Information Security vulnerabilities to businesses in an actionable manner

Qualifications

• 3-5 years' of relevant experience required in Offensive Security with a history of gradually expanding experience including network and overall infrastructure pentesting
• Strong hands-on experience with VulnerabilityAssessment/Enumerationtools, e.g., Tenable Nessus, Qualys VM, OSS enumeration tools
• Demonstrate hands on experience with penetration testing tools i.e. Kali suite, open-source tooling, Living Off The Land(OS)
• Deep understanding of TCP/IP, Infrastructure stacks(i.e. 3 tier, segmented environments)
• Demonstrable experience working effectively in Enterprise environments
• Understanding of defensive security principles with an ability to demonstrate offensive opportunities
• OS and Network Security Experience, e.g. Unix, Linux, Windows, Cisco, etc.
• Understanding of common protocols, e.g. DNS, SMTP, SNMP, LDAP, Routing Protocols
• Hands-on experience with MITRE ATT&CK Framework or similar
• Experience with TTP’s, IOC’s and advanced threat analysis
• Threat Mapping experience
• Scripting (Bash, Python, etc.)
• Reverse Engineering / Exploit Development
• Designexperience/understandingoninfrastructure/systems(enterprise a big plus)
• Exceptional interpersonal skills and a proven track record of working effectively with globally diverse teams
• Ability to understand new and emerging technologies rapidly to keep up with an ever changing threat landscape
• Ability to effectively document and explainexploits/vulnerabilitiesto technical and non-technical audiences including to senior leadership
• Demonstrable proficiency in producing comprehensive penetration testing reports with actionable recommendations

Education

• Bachelor's Degree or equivalent work experience
• OSCP, OSCE, GXPN, CREST preferred or similar demonstrable experience
• Nice to have:CCNP, CISSP, TOGAF/SABSA, Microsoft/Linux Certifications

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the