跳到主要內容

工作機會

COVID-19:

我們同事和求職者的健康和安全是我們的重中之重。 因此,花旗繼續密切監視COVID-19的情況。 我們已在全球範圍內對整個公司實施了預防措施,包括暫時地進行所有面對面面試,直到需要時另行通知。

Cloud Security Operations (Cloud SecOps) Lead Analyst (VP)

工作 ID 21374737 主要地點 Irving, Texas, Fort Lauderdale, Florida, Jacksonville, Florida, Virginia; 工作類別 Technology
立即申請
Job Description

About the Position:

The Cloud Security Operations team works in a multi-disciplinary team of teams driving cyber security services and solutions to enable Citi to securely adopt private, hybrid, and public Cloud platforms. This role is one of the primary security interfaces with development teams, architects, engineers, and operational teams involved in Cloud-related projects. Our operating model emphasizes DevSecOps, that is, automation, integration, and agility based on Security as a Service / Security as Code concepts.

Day-to-Day Responsibilities:

  • Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi.

  • Full end to end security assurance activities including Vulnerability Assessments (pre-production, post-production), Red Team end to end exercises, and Purple Team exercises (Read and Blue team collaboration) in order to identify areas of risk and ensure any gaps are documented and remediated.

  • Supplement Cloud monitoring tool(s) by adding new capabilities, security checks, and automation using the tool’s extension capabilities and/or the SDK/API

  • Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the Cloud environment.

  • Run Cloud Continuous Monitoring reporting/metrics governing all security compliance/hygiene issues across the entire Cloud ecosystem.

  • Support the implementation of Infrastructure as Code (IaC) security checks as part of the end to end Cloud Service enablement work stream.

  • Develop and Deploy security guardrails through reusable patterns using standardized development frameworks

  • Run and operate Breach and Attack Simulation (BAS) platform(s) to continually simulate, validate, and remediate potential attackers’ paths to critical Cloud assets.

  • Collect security-related operational metrics through automation and increase security visibility across the organization; measure the coverage and effectiveness of security tools; transparency over the security state of the Cloud)

Technical Skills:

- Bachelor's degree or equivalent work experience

- 6+ years of relative experience

- Candidates should have knowledge of the tools and processes to provide operational security support to our Cloud ecosystem.

- Hands-on experience with Cloud platforms (AWS, GCP, Azure, etc.)

- Excellent understanding of Cloud security concepts/best practices in various Cloud Service Providers (for example: AWS, GCP, Azure)

- Hands-on experience with cloud security tools and Security as a Service solutions (Redlock, Dome9, SiftSecurity, etc.)

- Familiarity with automation frameworks (Ansible, Terraform, Chef, Salt, Puppet, etc.)

- Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)

- Fluent in one or more programming/scripting languages (Python preferred, but not required)

- Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, pen testing, etc.)

- Industry-accredited certifications will be required. Candidates with Cloud security certifications (ex: AWS Certified Security – Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate, etc.), non-security Cloud certifications (AWS SysOp Admin, AWS Solutions Architect Associate/professional, GCP Associate Cloud Engineer, GCP Professional Cloud Architect, etc.) and other security certifications (for example: OSCP,OSCE, GXPN,GPEN, GCIH, GWAPT, etc.) will be preferred.

- Candidates without certification must be willing to purse them during the course of employment.

#CISO

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

-----------------------------

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.

立即申請
  • 加入我們超過 200,000 人實力堅強的多元化團隊

  • 熱心公益的員工在 90 個國家/地區的社區擔任志工

  • 在超過 98 個市場擁有實體據點,提供富有意義的工作機會

我們培養一種文化,擁抱所有個體並鼓勵多元觀點,您可以發揮影響力並發展職業生涯。在 Citi,我們重視展現高度專業水準、有強烈道德感和慷慨大方、對知識充滿好奇又有活力的同事。我們了解擁有一份職業的重要性,且承諾您,若您擁有了,我們一定會提供長遠保障。

已儲存工作

您沒有保存的工作

瀏覽過的工作

您沒有瀏覽過的工作