External Vendor Vulnerability Assessments Lead

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

Overview

This role will provide a unique and rewarding experience in the world of information security and how penetration testing engagements are carried out. Our team of world class, talented people who are passionate about security, put their customer service skills to the test every day on a global scale. At Citi, you will be exposed to all sorts of technologies on an enterprise-scale, so hunger for knowledge and research as to how things work is greatly appreciated and rewarded.

The primary focus of this role is coordinating and interfacing directly with our internal clients, third-party penetration testing vendors to ensure the penetration testing occur as per expectations meeting Citi's requirements, methodology etc. Another key responsibility would be to work with Vulnerability Disclosure vendors to help onboard applications, triage, report, research and drive Root Cause analysis for vulnerabilities identified by external Researchers. Additionally, developing automation with collaboration software would be an additional plus.

Core Responsibilities:

• Be the central liaison between Citi businesses and the external vendor testing team, acting as a collaborator to provide updates to both businesses and the third-party vendors as it relates to the penetration test.
• Onboard applications, Triage, Test, Report and perform Root Cause Analysis for vulnerabilities identified by external researchers as part of the Vulnerability Disclosure Program for Citi
• Develop automation to integrate with collaboration tools such as Atlassian, GRC etc.
• Act as an application security subject matter expert to assist both businesses and ethical hack vendors during vulnerability discussions.
• Focus on and drive quality as it relates to the information submitted by the businesses who are requesting VA services and ensuring that the provided information is accurate and complete.
• Focus on maintaining a high level of operational oversight with all vendors and ongoing VA activities in order to ensure that engagements are progressing forward with the right level of attention.
• Have strong communication skills in order to effectively set expectations for our internal clients and ensure that they have a clear understanding of what their responsibility is in this process and what may be pending resolutions.
• Have strong technical writing and presentation skills to articulate the vulnerability assessment process end-to-end to any audience.
• Have strong reporting and research skills to create and execute reports that highlight trends and potential opportunities for enhanced oversight activities.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

Education:

• Bachelors in computer science or related university degrees
• Security Certifications: GWAPT, CEH Etc

An ideal candidate will have the ability to solve problems, understand internal client requests as they pertain to vulnerability assessments, and provide accurate and concise information to ensure responsibilities are clear and in-line with our standards. A candidate with a background in software development is preferred. This position requires a bachelor’s degree with a minimum of 3 years of experience in penetration testing. Additional experience in working knowledge of GRC tools such as RSA Archer or creating documents containing technical information related to the application for the requested VA service is a plus.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Irving Texas United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$96,400.00 - $144,600.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:

Sep 01, 2025

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.