Senior DevSecOps Analyst - Cloud Security Operations

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Cloud Security Operations team works in a multi-disciplinary team of teams driving cyber security services and solutions to enable Citi to securely adopt private, hybrid, public cloud and SaaS platforms. This role is one of the primary security interfaces with development teams, architects, engineers, and operational teams involved in cloud-related projects. Our operating model emphasizes DevSecOps, that is, automation, integration, and agility based on Security as a Service / Security as Code concepts.

Responsibilities:

• End to end security assurance activities in (AWS/GCP/Azure) including Vulnerability Assessments, Purple Team exercises (Red and Blue team collaboration) to identify areas of risk and ensure any gaps are documented and remediated.

• Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the cloud environment.

• Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi.

• Develop and enhance existing processes through automation.

Qualifications:

Candidates should have knowledge of the tools and processes to provide operational security support to our cloud ecosystem.

Pre-requisite for this position is 3-4 years of experience in most of the following areas:

• Offensive Security-oriented mindset (threat-modeling, vulnerability assessment, penetration testing, etc.)

• Hands-on experience with cloud platforms

• Excellent understanding of cloud security concepts/best practices in various cloud Service Providers (for example: AWS, GCP, Azure)

• Familiarity with the current threat landscape of public cloud platforms. Understanding of recent breaches, APTs and common TTPs used to attack these platforms

• Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)

• Understanding of MITRE ATT&CK

• Programming/scripting languages a plus (Python and PowerShell preferred, but not required)

• Ability to deliver presentations to technical and non-technical individuals

• Fluency in English

Education:

• Bachelor's Degree or equivalent working experience

• Candidates must possess or be open to pursuing one or more of the following industry-accredited certifications within the 1st year of employment:

  • Cloud security certifications: Azure Security Engineer Associate, Microsoft 365 Certified Security Administrator Associate, AWS Security Specialty, GCP Professional Cloud Security Engineer, etc.

  • Container/Kubernetes certifications: CKA, CKAD, CKS, etc.

  • Other security certifications: CEH, OSCP, OSCE, GCPN, etc.

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program

• Home Office Allowance (for colleagues working in hybrid work models)

• Paid Parental Leave Program (maternity and paternity leave)

• Private Medical Care Program and onsite medical rooms at our offices

• Pension Plan Contribution to voluntary pension fund

• Group Life Insurance

• Employee Assistance Program

• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed

• Flexible work arrangements to support you in managing work - life balance

• Career progression opportunities across geographies and business lines

• Socially active employee communities with diverse networking opportunities

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

#LI -OD1

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.