Hispanic Technology Executive Council
Senior Application Security Analyst, Vice President
Hispanic Technology Executive Council, Irving, Texas, United States, 75084
Senior Application Security Analyst (VP)As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and, in our clients' best interests. Our
Enterprise Operations & Technology
teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience.Trust is part of our DNA at Citi. We take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks.As a member of the AppSec team, your duties include interfacing with development organizations to onboard applications to our automated security testing platform and performing secure code review assessments using commercial static analysis tools like Checkmarx, Snyk, and Fortify. The team works in partnership with Global Information Security to roll out the Secure-SDLC across the Citi enterprise.Responsibilities:Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).Review and validate automated testing results and prioritize actions that resolve issues based on overall risk.Perform manual source code review for security vulnerabilities and analyze source code to mitigate identified weaknesses.Identify opportunities to automate and standardize information security controls.Write formal security assessment reports for each application.Direct the development and delivery of secure solutions by coordinating with business and technical contacts.Manage and execute security assessments for multiple projects simultaneously.Research and explore new testing tools and methodologies.Actively participate in research and knowledge sharing discussions.Assess risk when business decisions are made, demonstrating consideration for the firm's reputation.Qualifications:At least 5 years of relevant experience in web development, source code review, or application security testing.Basic understanding of application security and associated vulnerabilities.Development background in Java/J2EE, C#, .NET in an enterprise environment.Good understanding of the Software Development Life Cycle.Experience using ALM and CICD tools like Bitbucket, TFS, Jenkins, etc.Familiarity with static analysis and application pen-testing techniques.Experience using commercial enterprise automated security testing tools.Professional certifications, such as CISSP, CSSLP, GIAC, CEH, or willingness to obtain.Education:Bachelor's degree in technology, Computer Science, Engineering, or related field.Master's degree is a plus.About CitiCiti is a preeminent banking partner for institutions with cross-border needs, a global leader in wealth management, and a valued personal bank in its home market of the United States.Job Family Group:
TechnologyJob Family:
Information SecurityTime Type:
Full timePrimary Location:
Irving Texas United StatesPrimary Location Full Time Salary Range:
$125,760.00 - $188,640.00In addition to salary, Citi's offerings may also include competitive employee benefits. For additional information regarding Citi employee benefits, please visit citibenefits.com.Anticipated Posting Close Date:
Aug 21, 2024Citi is an equal opportunity and affirmative action employer.
#J-18808-Ljbffr
Enterprise Operations & Technology
teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience.Trust is part of our DNA at Citi. We take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks.As a member of the AppSec team, your duties include interfacing with development organizations to onboard applications to our automated security testing platform and performing secure code review assessments using commercial static analysis tools like Checkmarx, Snyk, and Fortify. The team works in partnership with Global Information Security to roll out the Secure-SDLC across the Citi enterprise.Responsibilities:Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).Review and validate automated testing results and prioritize actions that resolve issues based on overall risk.Perform manual source code review for security vulnerabilities and analyze source code to mitigate identified weaknesses.Identify opportunities to automate and standardize information security controls.Write formal security assessment reports for each application.Direct the development and delivery of secure solutions by coordinating with business and technical contacts.Manage and execute security assessments for multiple projects simultaneously.Research and explore new testing tools and methodologies.Actively participate in research and knowledge sharing discussions.Assess risk when business decisions are made, demonstrating consideration for the firm's reputation.Qualifications:At least 5 years of relevant experience in web development, source code review, or application security testing.Basic understanding of application security and associated vulnerabilities.Development background in Java/J2EE, C#, .NET in an enterprise environment.Good understanding of the Software Development Life Cycle.Experience using ALM and CICD tools like Bitbucket, TFS, Jenkins, etc.Familiarity with static analysis and application pen-testing techniques.Experience using commercial enterprise automated security testing tools.Professional certifications, such as CISSP, CSSLP, GIAC, CEH, or willingness to obtain.Education:Bachelor's degree in technology, Computer Science, Engineering, or related field.Master's degree is a plus.About CitiCiti is a preeminent banking partner for institutions with cross-border needs, a global leader in wealth management, and a valued personal bank in its home market of the United States.Job Family Group:
TechnologyJob Family:
Information SecurityTime Type:
Full timePrimary Location:
Irving Texas United StatesPrimary Location Full Time Salary Range:
$125,760.00 - $188,640.00In addition to salary, Citi's offerings may also include competitive employee benefits. For additional information regarding Citi employee benefits, please visit citibenefits.com.Anticipated Posting Close Date:
Aug 21, 2024Citi is an equal opportunity and affirmative action employer.
#J-18808-Ljbffr