Finding the best job has never been easier
Share
The Role:
VP willexperience inthe following:
Responsibilities
Support Citi’s Red, Blue, and Purple Teams during the execution of offensive security assessment operations
Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations
opportunities to automate and standardize information security controls and for the supported groups
Resolve any vulnerabilities or issues detected in an application or infrastructure
Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
Review andvalidateautomated testing results and prioritize actions that resolve issues based on overall risk
Scan and analyze applications with automated tools, and perform manual testing if necessary
requiredcorrective actions
inassessing
particular considerationfor the firm's reputation and safeguarding Citigroup, itsclientsand assets, by driving compliance with applicable laws,rulesand regulations, adhering to Policy, applying sound ethical judgmentregardingpersonal behavior, conduct and business practices, and escalating,managingand reporting control issues with transparency
Qualifications
+ years’ experience or equivalent knowledge and exposure arewith most of the following:
in attack surface management
Leveraging the MITRE ATT&CK Framework
Helping to conductAdversary Emulations or Assumed Breach Exercises
Familiarity with industry Adversary Emulation Frameworks like PTES, CBEST,iCAST, GFMA
Knowledge of tools and processes used to expose known and undocumented vulnerabilities invarious different
Assisting withPurple Team Testing
Participation in Cyber Tiger Team operations
Helping withVulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
, researching,validating, and exploitingvarious different, known, and unknown security vulnerabilities on the server and client side
Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.
Vulnerability Assessment tools: Nessus, Qualys, etc.
Exploitation frameworks: Metasploit, CANVAS, Core Impact
Social Engineering campaigns: email phishing, phone calls, SET
understanding of OSI model
Security devices: Firewalls, VPN, AAA systems
OS Security: Unix/Linux, Windows, OSX
Understanding of common protocols: HTTP, LDAP, SMTP, DNS
Web application infrastructure: Application Servers, Web Servers, Databases
Web development and programming languages: Python, Perl, Ruby, Java,.Net
Reporting information security vulnerabilities to the business
Education:
Bachelor’s degree/University degree or equivalent experience
Industry-accredited security certifications highly preferred but notrequired(e.g.PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP)
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as
Time Type:
View the " " poster. View the .
View the .
View the
These jobs might be a good fit