Red Team Senior Analyst - C13/VP

Join to apply for the Red Team Senior Analyst - C13/VP role at Citi . Get AI-powered advice on this job and more exclusive features. The Role: The Vulnerability Assessments Senior Analyst - Red Team, VP will participate in the Adversary Emulation program by emulating cyber and criminal threat actors targeting Citi. The candidate will conduct Intelligence-led Red Team Testing and Penetration Testing targeting people, process, and technology. The candidate may also conduct regulatory driven Red Team Testing. To be successful in this role, the ideal candidate will have verifiable experience in executing reconnaissance and attack surface mapping techniques. Responsibilities Support Citi’s Red, Blue, and Purple Teams during the execution of offensive security assessment operations. Present the outcome of Red and Purple Team Testing to senior management and support the Blue Team with remediation efforts by acting as an SME and retesting findings. Establish meaningful partnerships with relevant stakeholders across the enterprise to build and maintain a comprehensive model of applicable, feasible threats, and risks to the business. Participate in advanced exploitation operations against a large global enterprise, including Red and Purple Team operations. Identify opportunities to automate and standardize information security controls. Resolve vulnerabilities or issues detected in applications or infrastructure. Analyze source code to mitigate vulnerabilities within the system. Review and validate automated testing results and prioritize actions based on risk. Scan and analyze applications with automated tools, and perform manual testing if necessary. Reduce risk by analyzing root causes and impacts of issues. Coordinate with business and technical contacts to develop and deliver secure solutions. Assess risks when making business decisions. Drive compliance with laws, regulations, and policies, and report control issues transparently. Qualifications 5 years’ experience or equivalent knowledge, including: Attack surface management assistance Leveraging the MITRE ATT&CK Framework Leading or conducting Adversary Emulations or Assumed Breach Exercises Knowledge of industry frameworks like PTES, CBEST, iCAST, GFMA Tools for exposing vulnerabilities (e.g., Nessus, Qualys) Security testing tools like Cobalt Strike, Metasploit Understanding of OSI model and security devices Proficiency in OS (Unix/Linux, Windows, OSX) and protocols (HTTP, LDAP, SMTP, DNS) Web infrastructure and programming languages (Python, Perl, Ruby, Java, .Net) Education Bachelor’s degree or equivalent; Master’s preferred. Security certifications (PNPT, OSCP, OSCE, etc.) are highly preferred but not required. This description provides a high-level overview of the role. Other duties may be assigned as needed. J-18808-Ljbffr

Location: Singapore, SG

Posted Date: 6/5/2025