Vulnerability Assessments – Red Team (Vice President)

Company: CITI
Location: Fort Lauderdale, FL

The Red Team performs global intelligence-led exercises against people, process, and technology to improve Citi’s security posture. The Red Team challenges the organization to improve the effectiveness of Cyber Security by conducting exercises using the same Tactics, Techniques and Procedures (TTPs) as real adversaries. To be successful in this role, candidates are expected to act as subject matter experts in offensive security with a proven track record in exploitation, escalation of privileges, and lateral movement.

Day-to-Day Responsibilities:

  • Conduct global Red Team adversary simulations
  • Analyze cyber intelligence and design attack models for use against Citi
  • Act as thought leaders for addressing new security challenges such as IoT, cloud, robotics, and artificial intelligence.
  • Conduct vulnerability assessments and penetration tests (application and/or infrastructure) and articulate security issues to technical and non-technical audiences
  • Identify, research, and validate known and unknown exploits on Citi infrastructure
  • Work closely with the Blue Team to identify gaps, address findings, and improve breach response
  • Act as advisors for the Blue Team during major events and hunt activities

Qualifications:

Prerequisites for this position are at least a Bachelor’s Degree with 3 – 7 years of experience in most of the following:

  • Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
  • Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on server and client side
  • Vulnerability Assessment tools, e.g. Nessus, Qualys, etc.
  • Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
  • Post-Exploitation Frameworks: Cobalt Strike, SILENTTRINITY, Covenant, Faction, Merlin, APfell, Red Team Toolkit, Voodoo
  • Social Engineering campaigns, e.g. email phishing, phone calls, SET
  • Deep understanding of OSI model
  • Security devices, e.g. Firewalls, VPN, AAA systems
  • OS Security, e.g. Unix, Linux, Windows, Cisco, etc.
  • Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
  • Web application infrastructure, e.g. Application Servers, Web Servers, Databases
  • Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
  • Reporting information security vulnerabilities to businesses

Grade: All Job Level – All Job Functions – US

Time Type: Full time

Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries (“Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity .
