Vulnerability Assessments Analyst
6 days ago
The Role:
The Vulnerability Assessments Analyst - Red Team, A VP will participate in the Adversary Emulation program by emulating cyber and criminal threat actors targeting Citi. The candidate will conduct Intelligence-led Red Team Testing and Penetration Testing targeting people, process, and technology. The candidate may also conduct regulatory driven Red Team Testing. To be successful in this role, the ideal candidate will have some experience in the following:
Responsibilities
Support Citi’s Red, Blue, and Purple Teams during the execution of offensive security assessment operations.
Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations.
Identify opportunities to automate and standardize information security controls and for the supported groups.
Resolve any vulnerabilities or issues detected in an application or infrastructure.
Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
Review and validate automated testing results and prioritize actions that resolve issues based on overall risk.
Scan and analyze applications with automated tools, and perform manual testing if necessary.
Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions.
Assist the development and delivery of secure solutions by coordinating with business and technical contacts.
Assist in assessing risk when making business decisions.
Demonstrate particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Qualifications
2+ years’ experience or equivalent knowledge and exposure are required with most of the following:
Assisting in attack surface management.
Leveraging the MITRE ATT&CK Framework.
Helping to conduct Adversary Emulations or Assumed Breach Exercises.
Familiarity with industry Adversary Emulation Frameworks like PTES, CBEST, iCAST, GFMA.
Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems.
Assisting with Purple Team Testing.
Participation in Cyber Tiger Team operations.
Helping with Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience.
Identifying, researching, validating, and exploiting various different, known, and unknown security vulnerabilities on the server and client side.
Red Team testing tools: Cobalt Strike, Red Team Toolkit, etc.
Vulnerability Assessment tools: Nessus, Qualys, etc.
Exploitation frameworks: Metasploit, CANVAS, Core Impact.
Social Engineering campaigns: email phishing, phone calls, SET.
An understanding of OSI model.
Security devices: Firewalls, VPN, AAA systems.
OS Security: Unix/Linux, Windows, OSX.
Understanding of common protocols: LDAP, SMTP, DNS.
Web application infrastructure: Application Servers, Web Servers, Databases.
Web development and programming languages: Python, Perl, Ruby, Java, .Net.
Reporting information security vulnerabilities to the business.
Education:
Bachelor’s degree/University degree or equivalent experience.
Industry-accredited security certifications highly preferred but not required (e.g. PNPT, OSCP, OSCE, GXPN, GPEN, GCIH, GWAPT, GCFA, or CISSP).
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group:
Technology
Job Family:
Information Security
Time Type:
Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review
Accessibility at Citi .
View the " EEO is the Law " poster. View the
EEO is the Law Supplement .
View the
EEO Policy Statement .
View the
Pay Transparency Posting .
#J-18808-Ljbffr
-
Vulnerability Research Analyst
5 days ago
Singapore MANPOWER STAFFING SERVICES (SINGAPORE) PTE LTD Full timeRoles & ResponsibilitiesVulnerability Research AnalystResponsibilities:Research and analyze newly published security vulnerabilities to assess their severity and potential impact on the organization's systems and infrastructure. Conduct proof of concept testing for identified vulnerabilities to validate their existence and understand their exploitation...
-
IT Information Security Risk Analyst
2 weeks ago
Singapore RECRUIT HAUS PTE. LTD. Full timeRoles & ResponsibilitiesResponsibilities: Analyst to identify, analyse, and mitigate cybersecurity risks in our systems and networks Execution of risk assessments, vulnerability analyses and development of risk management strategies Ensure security and integrity of our systems and data by identifying and managing potential cybersecurity risksRisk...
-
Vulnerability Management Specialist
1 day ago
Singapore TIKTOK PTE. LTD. Full timeWe are seeking a talented Vulnerability Management Specialist to join our Global Security Organization at TikTok PTE. LTD. As a key member of our team, you will be responsible for analyzing, assessing, compiling, and prioritizing vulnerabilities to document and communicate mitigation recommendations.Responsibilities:Analyze and assess vulnerabilities to...
-
Vulnerability Management Specialist
2 weeks ago
Singapore MANPOWER STAFFING SERVICES (SINGAPORE) PTE LTD Full timeRoles & ResponsibilitiesResponsibilities:Prepare the Vulnerability Management plan and execute it through all the phases of Vulnerability Management Lifecycle. Ensures that the Vulnerability scans are scheduled, configured in tool, and are executed as per the schedule. Conducts periodical discovery of IT Assets and ensures that identified assets are...
-
Vulnerability Management Specialist
2 weeks ago
Singapore TRINITY CONSULTING SERVICES PTE. LTD. Full timeRoles & Responsibilities· 8 -10 years of IT experience with 4-7 years of IT Security experience and 4+ years of experience in managing Vulnerability Management process for an enterprise.· Working & hands-on experience in managing Vulnerability Management process;· Strong technical understanding and experience assessing vulnerabilities and identifying...
-
Vulnerability Management Specialist
2 weeks ago
Singapore TRINITY CONSULTING SERVICES PTE. LTD. Full timeRoles & Responsibilities· 8 -10 years of IT experience with 4-7 years of IT Security experience and 4+ years of experience in managing Vulnerability Management process for an enterprise.· Working & hands-on experience in managing Vulnerability Management process;· Strong technical understanding and experience assessing vulnerabilities and identifying...
-
Vulnerability Management Specialist
2 weeks ago
Singapore MANPOWER STAFFING SERVICES (SINGAPORE) PTE LTD Full timeRoles & ResponsibilitiesJob scopesResponsible for preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle. Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans is to be investigated and schedule to rerun. ...
-
Vulnerability Management Specialist
2 weeks ago
Singapore MANPOWER STAFFING SERVICES (SINGAPORE) PTE LTD Full timeRoles & ResponsibilitiesJob scopes Responsible for preparing the Vulnerability Management Plan and the executes plan through all the phases of Vulnerability Management Lifecycle. Ensures that the Vulnerability scans are scheduled, configured in tool and are executed as per the schedule. Any failure of scans is to be investigated and schedule to rerun. ...
-
Vulnerability Management Expert
1 week ago
Singapore SCIENTE CONSULTING PTE. LTD. Full timeRoles & ResponsibilitiesJob SummaryVulnerability Management Expert is an individual role within the Data Security Services team and will be responsible for owning the Vulnerability Management. The individual is supported by platform teams for remediation actions.Mandatory Skill-set10 -12 years of IT experiencewith 6-8 years of IT Security experienceand 5+...
-
Singapore IKAS INTERNATIONAL (ASIA) PTE. LTD. Full timeRoles & ResponsibilitiesWe are looking to speak to Cyber Security candidates with good experience in Vulnerability Management You will be part of the Data Security Services team and will take ownership of Vulnerability Management. The individual will receive support from platform teams for implementing remediation actions.Responsibilities Vulnerability...
-
Singapore IKAS INTERNATIONAL (ASIA) PTE. LTD. Full timeRoles & ResponsibilitiesWe are looking to speak to Cyber Security candidates with good experience in Vulnerability Management! You will be part of the Data Security Services team and will take ownership of Vulnerability Management. The individual will receive support from platform teams for implementing remediation actions.Responsibilities Vulnerability...
-
Security Analyst
6 days ago
Singapore Manpower Staffing Services (S) Pte Ltd - Head Office Full timeThe candidate will be responsible for assessing the security performance of sites and facilities, tracking security programs and operations, and for executing tactical initiatives set forth by Regional Security Manager. Position will reside in Singapore. Responsibilities: Conduct Security Architecture Review and Testing on Cloud and Emerging Technologies. ...
-
Vulnerability Management Specialist
2 weeks ago
Singapore MANPOWER STAFFING SERVICES (SINGAPORE) PTE LTD Full timeRoles & ResponsibilitiesResponsibilities: Prepare the Vulnerability Management plan and execute it through all the phases of Vulnerability Management Lifecycle. Ensures that the Vulnerability scans are scheduled, configured in tool, and are executed as per the schedule. Conducts periodical discovery of IT Assets and ensures that identified assets are...
-
Vulnerability Management Expert
2 weeks ago
Singapore SCIENTE INTERNATIONAL PTE. LTD. Full timeRoles & ResponsibilitiesResponsibilitiesVulnerability Management Expert is an individual role within the Data Security Services team and will be responsible for owning the Vulnerability Management. The individual is supported by platform teams for remediation actions.The position is pivotal for driving the process with various cross-functional (transverse)...
-
IT Information Security Risk Analyst
2 weeks ago
Singapore RECRUIT HAUS PTE. LTD. Full timeRoles & ResponsibilitiesResponsibilities:Analyst to identify, analyse, and mitigate cybersecurity risks in our systems and networks Execution of risk assessments, vulnerability analyses and development of risk management strategies Ensure security and integrity of our systems and data by identifying and managing potential cybersecurity risksRisk...
-
Cybersecurity SOC Analyst
2 weeks ago
Singapore SPADE CONSULTING AND SERVICES PTE. LTD. Full timeRoles & ResponsibilitiesAnalyst would be part of 24x7 Cyber Security Operations function to perform security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting. Perform monitoring, research, assessment and analysis on alerts from SIEM tools. Follow pre-defined actions to investigate...
-
Analyst -
5 days ago
Singapore Citi Full timeThe Role: The Vulnerability Assessments Analyst - Red Team, A VP will participate in the Adversary Emulation program by emulating cyber and criminal threat actors targeting Citi. The candidate will conduct Intelligence-led Red Team Testing and Penetration Testing targeting people, process, and technology. The candidate may also conduct regulatory driven...
-
Cybersecurity SOC Analyst
2 weeks ago
Singapore SPADE CONSULTING AND SERVICES PTE. LTD. Full timeRoles & ResponsibilitiesAnalyst would be part of 24x7 Cyber Security Operations function to perform security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting. Perform monitoring, research, assessment and analysis on alerts from SIEM tools. Follow pre-defined actions to investigate...
-
Cybersecurity SOC Analyst
1 week ago
Singapore SPADE CONSULTING AND SERVICES PTE. LTD. Full timeRoles & ResponsibilitiesAnalyst would be part of 24x7 Cyber Security Operations function to perform security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting. Perform monitoring, research, assessment and analysis on alerts from SIEM tools. Follow pre-defined actions to investigate...
-
IT Security Operations Center Analyst
1 week ago
Singapore LANTU EMPLOYMENT AGENCY PTE. LTD. Full timeRoles & ResponsibilitiesRole DescriptionThis is a full-time on-site role for a SOC L1 Analyst located in Singapore.Responsibilities:Monitoring and analyzing security events, identifying potential threats, conducting investigations, and responding to security incidents Work closely with the end client SOC team to ensure the timely and effective detection,...
