Cloud Security Threat Modeler Senior Analyst (AVP)

Engineer the future of global finance

Overview : Citi Tech supports finance and helps redefine it. Our network handles about $5 trillion daily across 180+ countries. We deploy advanced AI and build scalable systems that matter, with mentorship, continuous learning, and flexible hybrid work opportunities.Overview of Chief Information Security Office (CISO) : The Chief Information Security Office (CISO) ensures the safety of Citi''s clients, revenue, employees, and data. We manage information security as an end-to-end program anchored to modern control and architectural frameworks, aligned with the enterprise architecture and integrated into sectors and functions.Overview of the RoleCiti is looking for a security-focused person with a strong understanding of cybersecurity principles to join the Cloud Threat Modeling team. Using threat modeling, you will identify threats and specify mitigating controls to reduce Citi’s risk in the public cloud.ResponsibilitiesPerform threat modeling using a documented processDevelop automation tools as requiredMaintain high standards in identifying threats and specifying mitigating controlsManage the lifecycle of identified threats and controlsDeliver threat models and supporting tasks within existing timeframesProvide feedback, support, and improvements to the threat modeling processPresent work to seniors, the team, and other technical groupsQualificationsExtensive

experience in a

Cybersecurity

roleProven experience with

Jira

or other similar ticketing systemsStrong understanding of security best practices related to

Authentication ,

Authorization ,

Logging/Monitoring ,

Encryption ,

Infrastructure Security , and

Network SegmentationExperience with scripting languages (e.g.,

Python ,

Bash ,

PowerShell ) or Infrastructure as Code tools (e.g.,

Terraform ,

CloudFormation )Familiarity with threat modeling methodologies (e.g.,

STRIDE ,

PASTA ,

Attack Trees ,

MITRE ATTandCK ) and tools ( IriusRisk ,

ThreatModeler ,

Microsoft Threat Modeling Tool )Ability to identify vulnerabilities using

CWE

or

OWASP

frameworksWorking knowledge of operating systems (e.g.,

Windows ,

Linux ) and hardening practicesFamiliarity with development concepts such as

CI/CD

pipelines and

SDLCWorking knowledge of cloud platforms (e.g.,

AWS ,

Azure ,

GCP )Ability to design and review technical architecturesStrong analytical skills, diligence, and attention to detailExcellent documentation skillsAbility to collaborate with diverse teamsExcellent written and verbal communication skillsContinuous learning and staying up-to-date with new technologiesProven ability to build relationships across cross-functional teamsPreferred QualificationsProven experience focused on Threat ModelingExperience with

Docker ,

Kubernetes ,

Serverless

technologies (e.g.,

AWS Lambda ,

Azure Functions ,

Google Cloud Functions ), and

Helmfamiliarity with

CDK

and

GitOps

principlesExperience supporting or performing

Penetration Testing

activities (e.g., vulnerability scanning, network penetration testing, web/mobile testing)Experience with

Snowflake ,

MongoDB ,

Terraform Cloud ,

GitHub , or

DatabricksExperience in regulated environments (e.g., financial services)Ability to think like an attacker and anticipate threatsPreferred CertificationsCertifications are desirable but not required. Examples include:Cloud Certifications : AWS Cloud Practitioner, AWS Solutions Architect Associate, Google Cloud Professional Cloud Architect, Microsoft Azure Solutions Architect Expert, Microsoft Azure Administrator Associate, CompTIA Cloud+Cybersecurity Certifications : CompTIA Security+, (ISC)² Secure cybersecurity, GIAC GSEC, ISACA CSXWhat we can offer youBy joining Citi, you will have a hybrid work model (up to 2 days remote per week) and receive a competitive base salary plus a range of benefits, including:27 days annual leave (plus bank holidays)Discretionary annual bonusPrivate medical care and life insuranceEmployee assistance programPension planPaid parental leaveEmployee discountsLearning and development resourcesVisit Citi’s Global Benefits page to learn more. Citi is an equal opportunity employer and makes hiring decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. If you require accommodations to apply, see Accessibility at Citi. View Citi’s EEO Policy Statement and Know Your Rights ..... full job details .....