Responsibilities
- Perform full end-to-end security assurance activities in Azure/O365/M365 including Vulnerability Assessments (preproduction, post-production), Purple Team exercises (Red and Blue team collaboration) to identify areas of risk and ensure any gaps are documented and remediated
- Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the cloud environment
- Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi
Qualifications
3-5+ years' experience in most of the following areas:
- Absolutely required to have hands-on experience with Cloud platforms, specifically Azure/M365
- Excellent understanding of cloud security concepts/best practices in various cloud Service Providers (for example: Azure/M365)
- Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, penetration testing, etc.)
- Familiarity with the current threat landscape which Microsoft Cloud exists in. Understanding of recent breaches, APTs and common TTPs used to attack these platforms
- Deep understanding of Entra ID: its features, risks, common misconfigurations and how it integrates with M365 and Azure
- Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)
- Understanding of MITRE ATT&CK
- Programming/scripting language experience is a big plus (Python and PowerShell preferred but not required)
- Ability to deliver presentations to technical and non-technical individuals
Education
- Bachelor's Degree or equivalent working experience
- Candidates must possess or be open to pursuing one or more of the following industry-accredited certifications within the 1st year of employment:
Cloud security certifications:Azure Security Engineer Associate, Microsoft 365 Certified Security Administrator Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer, etc.
Container/Kubernetes certifications:CKA, CKAD, CKS, etc.
Other security certifications:OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, etc.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Information SecurityFull timeFort Lauderdale Florida United States$117,440.00 - $176,160.00
Anticipated Posting Close Date:
May 30, 2024View the " " poster. View the .
View the .
View the