Threat Modeler, SVP (C14) Job at Citi, New York, NY 10012

  • Citi
  • New York, NY 10012

Job Description

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.


The Role:

The Threat Modeler, SVP will perform security reviews of proposed architectures for cloud use cases to assess and evaluate known risks and negative patterns before presenting recommendations in Gherkin-formatted stories.

This position requires close collaboration and partnership with Security Engineering, SOC/IR, Program Management, and the Global Threat Modeling team.

The goal of the Global Threat Modeling Program is to provide a structured approach to technical risk modeling that is aligned with SDLC approach and codified controls. Furthermore, the program is meant to facilitate streamlining cloud adoption while complying with Citi standards and regulations.

Responsibilities:

  • Review cloud use case architecture to ensure we design confidentiality, integrity, resiliency, and privacy into the cloud platform
  • Identify security risks in an architecture and translate that risk into actionable tasks that engineering teams and SOC/IR teams can easily digest to build codified solutions
  • Interact with security engineering and SOC/IR teams to ensure controls are meeting the intended goal and the ongoing process remains effective
  • Collaborate with Global Threat Modeling teams to synergize on risk identification, process improvement, team feedback
  • Cultivate controls catalog and continually update catalog so that teams can ensure no duplication is created in automated controls
  • Evaluate 3rd party Cloud services, systems, tools and solutions
  • Collaborate with sector development organizations as well as security engineering and testing teams in a leadership and advisory capacity
  • Continually self-study to keep up to date on new threat and attack methods
  • Ability to write gherkin/behave/python will be necessary (will train if necessary)
  • Provide effective leadership and subject matter expertise in Information Security topics to senior management, technology and business partners

Qualifications:

  • Minimum of 5 years' application security experience working with OWASP and NIST security standards and frameworks
  • Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
  • 5+ years' experience working in an Information Security domain
  • 3+ years’ experience in Cloud/App Security related fields
  • Ability to perform architectural, design, and code reviews with a focus on security best practices
  • Complete understanding of application security engineering principles as applied in the support of and integration with key business and strategic priorities
  • Knowledge and experience with threat modeling, and risk assessments
  • Experience with modern SDLC including CI/CD pipelines, cloud architecture, API economies, and container deployment.
  • Experience with modern authentication and authorization mechanisms such as OpenID, OAuth, SAML
  • Experience using Security testing methodologies, tools and techniques - understanding of common cloud and application security vulnerabilities and controls to remediate these weaknesses
  • Ability to write in gherkin/behave/python is strongly preferred (will train if needed)
  • Self-motivated with the ability to work independently and as a team member with minimal direction
  • Record of accomplishment in managing work to achieve milestones on global projects on time and within budget in a fast-paced environment
  • Strong exposure to Agile development, DevOps, SecOps and Scrum teams
  • Hands-on experience with cloud security designs on AWS, GCP or Azure
  • Strong desire to learn and contribute solutions and ideas to broader team
  • Build and maintain collaborative relationships with partners, clients and peers
  • Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
  • Ability to explain technical jargon to non-technical business partners
  • Ability to demonstrate threats or risks via live demo or written narrative

Education:

  • Bachelor’s Degree in Information Security/Computer Science/Electronics and Engineering/Information Technology, or equivalent work experience required
  • Master’s Degree preferred
  • Security Certifications like CISSP, CCSP, CISA, CISM, ITIL strongly preferred
  • Cloud Computing certifications like CCSK, AWS, Azure, and GCP strongly preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group: Technology

Job Family: Systems & Engineering

Time Type: Full time

Primary Location: New York, New York, United States

Primary Location Salary Range: $164,310.00 - $246,460.00

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

