Application Penetration Tester (Assistant Vice President)

Whether you’re at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s most global banks. We’re fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism.

Citibank serves as a trusted advisor to our retail, mortgage, small business and wealth management clients at every stage of their financial journey. Through Citi's Access Account, Basic Banking, Citi Priority, Citigold and Citigold Private Client, we offer an array of products, services and digital capabilities to clients across the full spectrum of consumer banking needs worldwide.

We’re currently looking for a high caliber professional to join our team as AVP Application Penetration Tester based in Singapore. Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future. For instance:

If your background is penetration testing with expertise in application security such as: hands‑on ethical hacking using security tools (Burp Suite, AppScan and etc.), knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding application architecture, design and functionalities, then our application penetration testing team is the right place for you!

This team specializes in conducting vulnerability assessments on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by performing automated scan and manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities. Core responsibilities include:

• Act as a subject matter expert in offensive information security performing grey and black box application reviews, programming, networking, operating systems, and databases.
• Drive remediation by outlining a defense‑in‑depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.
• Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
• Must have or be willing to obtain Industry‑accredited security certifications such as: GIAC GWAPT, GPEN, OSCP, CISSP

An ideal candidate will have strong foundation on information security and experienced in application vulnerability assessment. However, irrespective of your current role, if you have a Bachelor’s Degree with a minimum of 2 years of experience and meet most of the above listed requirements, then don't miss this opportunity to join our growing team of expert ethical hackers.

#LI-Hybrid

Technology

Information Security

Full time

Please see the requirements listed above.

For complementary skills, please see above and/or contact the recruiter.

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.