Job Description:
Vulnerability Assessment - Team 6


Duties include providing deep-dive application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures. Typical assignments will involve in-depth testing of the security of critical applications and discovering possible gaps through the use of threat modeling, source code review, application behavior analysis, and other security frameworks or best practices, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE. The candidate will be expected to act as a subject matter expert in offensive information security, specializing in web programming and applications technology.


Prerequisites for this position are at least a Bachelor's Degree with 3 - 10 years of experience in most of the following:

- Strong knowledge of web development and programming languages e.g. Java, .NET, Python, etc.
- Strong knowledge of web application technology, e.g. Application Servers, Web Servers, Databases
- Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
- Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on server and client side
- Experience conducting one or more of the following functions:
1) Application vulnerability assessments
2) Source code review
3) Application architecture reviews or threat modeling

Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications: GIAC GWAPT, GPEN, GXPN, OSCP, and CISSP). Articulating security issues to technical and non-technical audiences is a plus. In addition, knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected. Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.

Client: Financial Services