
External Vendor Vulnerability Assessments Lead

Job Req ID: 25877880 | Location(s): Irving, Texas | Job Type: On-Site/Resident | Job Category: Technology

This role will provide a unique and rewarding experience in the world of information security and how penetration testing engagements are carried out. Our team of world-class, talented people, who are passionate about security, put their customer service skills to the test every day on a global scale. At Citi, you will be exposed to all sorts of technologies on an enterprise scale, so a hunger for knowledge and for researching how things work is greatly appreciated and rewarded.

The primary focus of this role is coordinating and interfacing directly with our internal clients and third-party penetration testing vendors to ensure that penetration testing occurs as expected and meets Citi's requirements, methodology, etc. Another key responsibility is to work with Bug Bounty vendors to help onboard applications and to triage, report, and drive root cause analysis for vulnerabilities identified by external researchers.

Core responsibilities include:

  • Serve internal clients by providing information related to ongoing vulnerability assessments.

  • Liaise with and engage in third-party vendor management activities.

  • Be the central liaison between businesses and the external vendor testing team, acting as a collaborator to provide updates to both businesses and the third-party vendors as they relate to ethical hack engagements.

  • Help onboard applications to Citi's Vulnerability Disclosure Program and drive awareness of the program.

  • Triage, test, report, and perform root cause analysis for vulnerabilities identified by external researchers as part of the Vulnerability Disclosure and Bug Bounty program.

  • Act as an application security subject matter expert to assist both businesses and ethical hack vendors during vulnerability discussions.

  • Focus on and drive the quality of the information submitted by the businesses requesting VA services, ensuring that the provided information is accurate and complete.

  • Focus on maintaining a high level of operational oversight with all vendors and ongoing VA activities in order to ensure that engagements are progressing forward with the right level of attention.

  • Have strong communication skills in order to effectively set expectations with our internal clients and ensure that they have a clear understanding of what their responsibilities are in this process and what may be pending resolution.

  • Have strong technical writing and presentation skills to articulate the vulnerability assessment process end-to-end to any audience.

  • Have strong reporting and research skills to create and execute reports that highlight trends and potential opportunities for enhanced oversight activities.

  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

An ideal candidate will have the ability to solve problems, understand internal client requests as they pertain to vulnerability assessments, and provide accurate and concise information to ensure that responsibilities are clear and in line with our standards. This position requires a bachelor’s degree with a minimum of 3 years of experience in penetration testing. Working knowledge of GRC tools such as RSA Archer, or experience creating documents containing technical information related to the application for the requested VA service, is a plus.

Experience in the below is expected as well:

- Security Certifications such as GWAPT, CEH

- Bachelor's degree in computer science or a related university degree

------------------------------------------------------

Job Family Group: Technology

Job Family: Information Security

Time Type: Full time

Primary Location: Irving Texas United States

Primary Location Full Time Salary Range: $96,400.00 - $144,600.00


In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills: Please see the requirements listed above.

Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date: Jul 02, 2025

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.
