Application Security Technical Lead

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Engineer the future of global finance. At Citi, our Tech team doesn’t just support finance – we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech.

The position is a cross-functional role that will be responsible for various Application Security program initiatives. The position reports directly to the Application Security Program Director. The successful candidate must be an individual who understands modern software development trends, understands engineering-led software security practices, and keeps up with the evolving cyber security threat landscape.

• Establish/manage multiple security programs that support the security testing requirements at the bank
• Forging and maintaining strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
• Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy.
• In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
• Apropriately assess risk and provide software security advice when business decisions are made
• Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes

• Experience or deep knowledge of key activities within software security group such Threat Modeling / Application Risk Assessment, Vulnerability Assessments, Governance and Metrics, Training, etc.
• Pre-requisites for this position are a Bachelor\'s Degree with 4 - 6 years\' experience in web application development or application code review
• Experience must include experience as a technical lead or manager
• Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc)
• Experience using or testing cloud platforms (AWS, Google, Azure, etc) and security in/of the cloud
• Understanding of security, web-based and infrastructure vulnerabilities is required
• Experience in source code management, build and deployment technologies such as RLM, Ueploy, Jenkins, Artifactory, Maven, GitHub, etc
• Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
• Understanding of Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advanced Security, Sonatype or Black Duck platform is a plus.
• Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
• Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
• Demonstrated knowledge of recognized security industry standards and leading practices (e.g., FFIEC, NIST, C2M2, ISO)
• Relevant professional certifications: GIAC, CISA, CISM, CRISC, CISSP or equivalent desired
• Effective strategic planning and execution abilities with exceptional planning and functional understanding of security industry operations, technologies and processes.

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred

By joining Citi London, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as:

• 27 days annual leave (plus bank holidays)
• A discretionary annual performance related bonus
• Private Medical Care & Life Insurance
• Employee Assistance Program
• Pension Plan
• Paid Parental Leave
• Special discounts for employees, family, and friends
• Access to an array of learning and development resources

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive.

Job Family Group: Technology

Job Family: Information Security

Time Type: Full time

Most Relevant Skills: Please see the requirements listed above.

Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.