Citi Group Senior API Security Vulnerability Analyst Hybrid 

United States, Florida, Tampa 

887739468

Overview of the Role

Whether you are an Application Developer looking to make the switch into the challenging, yet rewarding, world of information security, or you are an elite white-hat hacker, Citi is the place for you. Our team of world class, talented individuals, who are passionate about security, put their skills to the test every day on a global scale. At Citi, you will be exposed to all sorts of technologies on enterprise-scale, so hunger for knowledge and research is greatly appreciated and rewarded.

• Background is enterprise software development with expertise in technologies such as: Java/J2EE (Spring, Struts), .NET (ASP.NET, C#, Webflow, MVC, WebAPI), , JavaScript Frameworks (NodeJS, AngularJS), Web Applications, REST/SOAP APIs/Web Services, Mobile Applications, Thick Clients, Microservices Architecture based applications running on containers/cloud (GCP, AWS, Azure), or Blockchain and smart contracts implementations, then our application penetration testing team is the right place for you!

• Background is penetration testing with expertise in API security testing such as: hands-on ethical hacking using security tools (BurpSuite, AppScan), knowledge of OWASP Top 10 API Security Risks, OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding microservice application architecture, design and functionalities with an interest in performing security reviews of diverse and challenging applications, then our application penetration testing team is the right place for you!

Core responsibilities include:

• Act as a subject matter expert in offensive information security performing dynamic and manual security assessments on APIs.

• Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective preventive and detective security controls and counter measures, such as guardrail capabilities within a well-defined OpenAPI specification.

• Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.

• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

• Must have or be willing to obtain Industry-accredited security certifications such as: BSCP, GWAPT, GPEN, OSCP, OSWE, CISSP, or other related certifications.

Education:

Master’s Degree with a minimum of 3 years of experience or a Bachelor’s Degree with a minimum of 5 years of experience

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the