Job title: Application Security Engineering Lead
Job description: Safety and Soundness is part of the Personal Banking and Wealth Management Technology Engineering Risk & Controls and Transformation organization. Safety and Soundness (S&S) provides services and products to technology ensuring the oversight and execution of application security and technology governance, risk and compliance. As a member of S&S, you will be an integral member of the Engineering Risk & Controls and Transformation organization. S&S collaborates with other technology, risk and controls, and business leaders to identify and propose solutions that ensure strict adherence to Citi policies, standards, and regulatory commitments.
This position will work closely with technical and application development teams on a day-to-day basis. This position will be required to work collaboratively with development teams to assist with code and application design to ensure security standards are being met consistently.
- Experience with engineering secure application systems, application security architecture, version control, automated code testing, database, data de-identification / tokenization, cloud containerization, APIs, application threat modeling, encryption, secure application development, application controls, open-source software, and best practices for application security
- Ensure the security of application code releases with code reviews and automated code analysis tools
- Fine-tune application security static code analysis and dynamic code vulnerability assessment tools and associated processes
- Identify and track remediations for code and configuration vulnerabilities, ensuring that security fixes are applied on a timely basis
- Must be able to closely partner with peers in the engineering, infrastructure and DevOps organizations to ensure security compliance with a ‘shift left’ mindset
- Perform technical security assessments, threat modeling, code audits, design reviews with engineers to ensure effective and secure development
- Review vulnerability and penetration testing, present assessment reports that clearly detail security findings, and work with developers to remediate the issues found
- Analyze application security controls to identify gaps, mitigating/compensating controls, and recommend/implement appropriate means to mitigate security risks
- Participate throughout all phases of the system development life cycle process to ensure that security requirements are being met
- Identify and promote tools and processes to further application software quality and enhance SDLC activities
- Guide application penetration testing and attack simulation activities
- Be the primary security representative on SecDevOps teams
- Provide the subject matter expertise and advocate for the security controls needed for designing and enhancing application systems
- Partner with Citi Technology Infrastructure (CTI) to evaluate and recommend new products and technologies to address current and emerging IS risks affecting supported business(es).
- Provide guidance using expertise in technology platforms (Oracle, UNIX, etc.) and secure technology solutions (email encryption, access management tools, etc.).
- Collaborate with domain architects, project managers, and ISOs to provide technical IS expertise when needed.
- Lead information security assessments on cloud computing technologies, partnering with business and technology on migrating systems to cloud providers such as Amazon Web Services (AWS), Google Cloud, and Red Hat OpenShift.
- Experience with Lean, Agile, and DevOps methodologies
- Experience with DevOps CI/CD tools, capabilities, and security integrations
- Communicate progress, anticipate bottlenecks, provide escalation management, identify, assess, track and mitigate issues/risks at multiple levels. Recognize discordant views and take part in constructive dialog to resolve them.
- Demonstrate the ability to implement continuous improvement and the induction of new technology. Demonstrate examples of influence in scrum teams beyond your own area of focus.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
- 6-10 years of relevant experience in an Apps Development role with at least 5 or more years of experience in Information Security Management, Cybersecurity or Risk Management with focus on application and platform security.
- Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
- Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
- Experience working with modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines)
- Working knowledge of enterprise Identity and Access Management solutions (e.g. Federated Identity, Privileged Access Management, Active Directory, Role Based Access Control)
- Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
- Experience working in a matrix environment across globally dispersed teams.
- Strong written and verbal communication skills in order to effectively communicate technology risk to business and other stakeholders.
- Strong problem-solving and analytical skills in order to drive continuous improvement.
- Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
- Bachelor’s/University degree, Master’s degree preferred
Job Family Group: Technology
Job Family: Digital Software Engineering
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries (“Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .
Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Location: Irving, TX
Job date: Mon, 19 Sep 2022 04:14:40 GMT