Citi Group Cloud Security - Threat Model Architect VP C13 

United States, Texas, Houston 

853629949

The Role:

Citi is looking for a security centric professional with a firm understanding of cybersecurity principles to work on the Cloud Threat Modeling team. Using threat modeling, you will identify threats and specify mitigating controls that will directly reduce the risk of Citi operating in the Public Cloud.

Responsibilities

• Review Cloud architectures to identify security threats using a documented process
• Maintain a high standard of work in identifying threats and specifying mitigating controls
• Attending to the lifecycle of identified threats and controls
• Delivery of threat models and supporting tasks within existing timeframes
• Provide feedback, support, and improvements to the existing threat modeling process
• Present work to seniors, the team, and other technical teams
• Train newer members of the team
• Development of automation tools as required
• Work with little supervision to complete work

Qualifications

• Minimum requirementof 5 years' experience working on Cloud technology with at least 3 years' experience in Cybersecurity/Information Security
• Strong experience with Cloud Security architecture in Cloud environments (AWS, Azure/M365, GCP)
• Exposure to and firm understanding of Threat Modeling (STRIDE, PASTA, MITRE Att&ck, Attack trees, tooling, etc.) in Cloud environments (AWS, Azure/M365, GCP)
• Exposure to security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation
• Jira or other ticketing systems
• Strong understanding of scripting languages, Infrastructure as Code (Terraform, CloudFormation/CFT)
• Exposure to design and ability to review technical architectures
• Identifying vulnerabilities using CWE or OWASP
• Certification requirements as detailed below

Education

• Bachelor's degree in computer related field or equivalent work experience
• Ideal candidate is expected to have afoundationalorpractitionerlevel cloud certification from either AWS, GCP or Azure

Associate level cloud certification

• AWS Certified Developer, AWS Certified Solutions Architect, AWS Certified SysOps Administrator
• CompTIA Cloud+
• Google Associate Cloud Engineer or other professional GCP certification
• Oracle Cloud Infrastructure Certified Architect Associate, Oracle Cloud Infrastructure Certified Cloud Operations Associate
• Microsoft Certified: Azure Developer Associate

Associate or professional cybersecurity

• ISACA Certified Information Systems Auditor (CISA)
• GIAC Security Essentials (GSEC)
• ISC2 Systems Security Certified Practitioner (SSCP)
• CompTIA CySA+
• Microsoft Certified: Security Operations Analyst Associate; Information Protection Administrator Associate

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the