Citi Group Red Team Senior Analyst - C13/VP 

Singapore, Singapore 

114931687

The Role:

Responsibilities

• Support Citi’s Red, Blue, and Purple Teams during the execution of offensive security assessment operations

• Present the outcome of Red and Purple Team Testing to senior management and support the Blue Team with remediation efforts by acting as an SME and retesting findings

• Establish meaningful partnerships with relevant stakeholders across the enterprise is a key function of this role to build andmaintaina comprehensive model of applicable,feasiblethreats, and risks to the business

• Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations

• opportunities to automate and standardize information security controls and for the supported groups

• Resolve any vulnerabilities or issues detected in an application or infrastructure

• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system

• Review andvalidateautomated testing results and prioritize actions that resolve issues based on overall risk

• Scan and analyze applications with automated tools, and perform manual testing if necessary

• requiredcorrective actions

• Direct the development and delivery of secure solutions by coordinating with business and technical contacts

• Appropriately assess risk when making business decisions are made

• particular considerationfor the firm's reputation and safeguarding Citigroup, itsclientsand assets, by driving compliance with applicable laws,rulesand regulations, adhering to Policy, applying sound ethical judgmentregardingpersonal behavior, conduct and business practices, and escalating,managingand reporting control issues with transparency

Qualifications

5+ years’ experience or equivalent knowledge and exposure arewith most of the following:

• in attack surface management

• Leveraging the MITRE ATT&CK Framework

• Leading or conducting Adversary Emulations or Assumed Breach Exercises

• Familiarity with industry Adversary Emulation Frameworks like PTES, CBEST,iCAST, GFMA

• Knowledge of tools and processes used to expose known and undocumented vulnerabilities invarious differentsystems

• Leading or conducting Purple Team Testing

• Participation in Cyber Tiger Team operations

• Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience

• , researching,validating, and exploitingvarious different, known, and unknown security vulnerabilities on the server and client side

• Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.

• Vulnerability Assessment tools: Nessus, Qualys, etc.

• Exploitation frameworks: Metasploit, CANVAS, Core Impact

• Social Engineering campaigns: email phishing, phone calls, SET

• Deep understanding of OSI model

• Security devices: Firewalls, VPN, AAA systems

• OS Security: Unix/Linux, Windows, OSX

• Understanding of common protocols: HTTP, LDAP, SMTP, DNS

• Web application infrastructure: Application Servers, Web Servers, Databases

• Web development and programming languages: Python, Perl, Ruby, Java,.Net

• Reporting information security vulnerabilities to the business

Education:

• Bachelor’s degree/University degree or equivalent experience

• Master’s degree preferred

• Industry-accredited security certifications highly preferred but notrequired(e.g.PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP)

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as