Skip Navigation
open main navigation menu
city landscape

Jakie Ty zrobisz postępy?

The health and safety of our colleagues and candidates for employment are our highest priority. Accordingly, Citi continues to monitor the COVID-19 situation closely. We have implemented precautionary measures across our firm globally, including conducting all candidate interviews virtually on a temporary basis until further notice where needed.

Zaawansowane
Wyszukiwanie

Idź

Dopasuj swoje umiejętności

Pozwól nam szukać pracy dla Ciebie w oparciu o umiejętności i doświadczenie wymienione w swoim profilu LinkedIn.

Rozpocznij dopasowywanie

Szansa na karierę zawodową

Senior Application Security Architect (SASA) Cyber Defense (Remote work considered)

Locations: Tampa, Florida, New Castle, Delaware Job Function: Technology Employee Status: Regular Job ID: 20214690

Description:

A Senior Application Security Architect (SASA) is one of the key positions in CISO technology IS organization. SASA is required to assess and manage technology risks and provide compliance guidance per Citi IS and application security standards and provide SME support to Technology Development Units in their development Lifecycle.

The ICG Technology Information Security Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with corporate IS and driving secure SDLC initiative for ICG sector. The team needs to expand its capability to ensure security requirements are assessed early in the development lifecycle and architecture/design of the application incorporates required security measures. The SASA will have strong technical acumen and should establish relationships with application managers, domain architects, project managers and corporate IS and other disciplines.

You will join an elite team of some of the smartest minds in the business that have been tasked with performing threat modeling exercises and proposing technical controls for our top most critical applications to ensure that they are highly resilient from Internet-borne threats. You will work on some of the most cutting edge technologies and provide value by solving real world problems that our industry as a whole is facing. Your key stakeholders will be application development teams, our internal vulnerability assessment teams and the IS organization as a whole.

Responsibilities:

Key responsibilities for this role will be

  • Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security
  • As part of proactive risk management agenda, engage in the initial security requirements definition cycle and conduct security reviews including Secure SDLC testing requirements throughout the development lifecycle for applications deployed on premise/ in cloud.
  • Establish and drive the strategic direction for the Cloud security framework through partnerships with cloud engineering, operations and business.
  • Maintain IS risk management framework and perform assessment of applications for emerging areas cloud security, Blockchain, etc.
  • Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results
  • Participate in the evaluation and selection of applications and systems with specific focus on IS implications
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
  • Identify new requirements / enhancements to information security standards, and processes
  • Evaluate and recommend new and emerging vendor  products and technologies to mitigate cyber risks
  • Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts by monitoring changes in the risk profile and exposure for the application

Qualifications:

  • 10+ years of relevant experience
  • Proven experience as Application Security Architect or Application Architect with Security knowledge is preferred
  • Must be familiar and experienced in threat modelling practice for application or IT security
  • Ideally candidate who has worked for a similar organization, with 5+ years of experience as application security consultant / security architect, with expertise in application security, cloud security, Blockchain, and Machine Learning projects
  • Must have SME level knowledge of designing and implementing security guardrails for deploying applications in public Cloud environment (e.g. AWS, Google Cloud, Microsoft Azure)
  • Strong knowledge and experience with security assessment of Blockchain
  • Thorough understanding of industry and corporate technology standards for Information and Application Security
  • Strong understanding of information security and risk analysis processes, including threat modeling.
  • Software development experience is a plus
  • Demonstrated ability to take ownership and work with cross functional  teams to manage multiple projects simultaneously  under pressure
  • Advanced analytical and problem solving skills
  • Consistently demonstrates clear and concise written and verbal communication as well as presentation skills for interaction with Sr leaders in Technology and business.
  • Proficient in interpreting and applying policies, standards and procedures
  • Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred

Education:

  • Bachelor’s degree/University degree or equivalent experience
  • Master’s degree preferred

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting