Red Team Junior Analyst

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

• Support Citi’s Red, Blue, and Purple Teams during the execution of offensive security assessment operations
• Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations
• Identify opportunities to automate and standardize information security controls and for the supported groups
• Resolve any vulnerabilities or issues detected in an application or infrastructure
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
• Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
• Scan and analyze applications with automated tools, and perform manual testing if necessary
• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
• Assist the development and delivery of secure solutions by coordinating with business and technical contacts
• Leveraging the MITRE ATT&CK Framework
• Helping with Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
• Proficiencies with Social Engineering Campaigns - phishing, vishing, smishing, etc.
• Understanding with OS Security: Unix/Linux, Windows, OSX
• Assist in assessing risk when making business decisions
• Demonstrate consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency

• 2+ years’ experience or equivalent knowledge and exposure with Network Penetration Testing Or Infrastructure pen testing
• Familiarity with industry Adversary Emulation Frameworks like PTES, CBEST, iCAST, GFMA
• Understanding of the OSI model
• Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various systems
• Familiarity with Red Team testing tools: Cobalt Strike, Red Team Toolkit
• Familiarity with Vulnerability Assessment tools: Nessus, Qualys, etc.
• Familiarity with Exploitation frameworks: Metasploit, CANVAS, Core Impact
• Familiarity with OS Security: Unix/Linux
• Understanding of common protocols: HTTP, LDAP, SMTP, DNS
• Some Web development and programming experience: Python, Perl, Ruby, Java, .Net, etc.

• medical, dental & vision coverage
• 401(k)
• life, accident, and disability insurance
• wellness programs
• paid time off packages
• planned time off (vacation)
• unplanned time off (sick leave)
• paid holidays

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.