Senior API Security Vulnerability Analyst (Hybrid)

Senior API Security Vulnerability Analyst (Hybrid) 1401 WEST COMMERCIAL BOULEVARD FORT LAUDERDALE, United States Citi Citi is a leading global bank for institutions with cross-border needs, a global provider in wealth management and a U.S. personal bank. Citi has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. We provide consumers, corporations, governments, and institutions with a broad range of financial products and services. Ideal Candidate Whether you are an Application Developer looking to make the switch into the challenging, yet rewarding, world of information security, or you are an elite white-hat hacker, Citi is the place for you. Our team of talented individuals, who are passionate about security, put their skills to the test every day on a global scale. Background is penetration testing with expertise in API security testing such as: hands-on ethical hacking using security tools (BurpSuite, AppScan), knowledge of OWASP Top 10 API Security Risks, and understanding microservice application architecture. This team specializes in conducting various types of vulnerability assessments on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities. Core responsibilities include : Act as a subject matter expert in offensive information security performing dynamic and manual security assessments on APIs. Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers. Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results. Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation. Must have or be willing to obtain Industry-accredited security certifications such as: BSCP, GWAPT, GPEN, OSCP, OSWE, CISSP, or other related certifications. An ideal candidate will have both a development and security background with knowledge of API gateway solutions such as Apigee, API Connect, etc. Additionally, experience in developing custom security scripts for offensive security tooling is a benefit. Education: Master's Degree with a minimum of 3 years of experience or a Bachelor's Degree with a minimum of 5 years of experience. ------------------------------------------------------ Job Family Group: Technology ------------------------------------------------------ Job Family: Information Security ------------------------------------------------------ Time Type: Full time ------------------------------------------------------ Primary Location: Fort Lauderdale, Florida, United States ------------------------------------------------------ Primary Location Full Time Salary Range: $117,440.00 - $176,160.00 ------------------------------------------------------ Anticipated Posting Close Date: Jan 14, 2025 ------------------------------------------------------ Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. #J-18808-Ljbffr

Created: 2025-03-01