Digital Web & Mobile Security Senior Analyst

Social network you want to login/join with:

col-narrow-left

Other

-

Yes

col-narrow-right

ad8907583756

3

26.04.2025

10.06.2025

col-wide

The Digital Web & Mobile Security Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor, and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Prevent and drive to clear the outstanding safety and soundness items by assessing and predicting potential risks before they become issues or escalations.
• Assess priorities across multiple safety and soundness items and drive those critical ones to resolution, similar to high-priority production issues, until closed.
• Drive safety and soundness items to closure across all teams, turning reactive issues into preventive measures.
• Operate independently, providing executive summaries for safety and soundness issues without requiring ongoing review.
• Review existing security architectures, identify gaps, and recommend enhancements.
• Advocate for application security architecture, communicating and educating on IS Architecture and roadmap.
• Develop security design patterns by identifying broader and emerging IS issues.
• Provide architecture consulting to project teams and other architects across the bank.
• Prioritize architecture deliverables and establish short-, mid-, and long-term plans, facilitating migration to reference architecture supporting strategic goals.
• Maintain understanding of business issues, procedures, and priorities.
• Seek opportunities to increase business and IT agility.
• Understand current and emerging security threats and adapt security architecture accordingly.
• Streamline or eliminate redundant processes in architecture, build, delivery, or operations areas.
• Share knowledge in forums (brown bags, engineering forums, etc.) and demonstrate expertise through industry certifications.
• Assess risks appropriately in business decisions, ensuring compliance with laws and regulations, safeguarding the firm's reputation, and escalating control issues transparently.

Qualifications:

Candidates should have deep expertise in application and data security, with a thorough understanding of infrastructure and network security. Requirements include:

• 5+ years of experience as an application security consultant or security expert.
• SME-level knowledge of web application vulnerabilities, business logic flaws, and threats.
• Hands-on understanding of application architectures and technologies, including web, mobile, identity, and access management.
• Experience with mobile application security, HTML5, Web Services/API assessment, and identity management is highly regarded.
• Understanding of industry and corporate standards for Information Security.
• Strong knowledge of current Internet and Mobile technologies with architectural expertise.
• Familiarity with security hacking tools and techniques.
• Excellent written and oral English communication skills.

Education:

• Bachelor’s/University degree or equivalent experience.

This job description provides a high-level overview of the work performed. Other duties may be assigned as required.