Senior Infrastructure/Cloud Penetration Tester Senior Infrastructure/Cloud Penetration Tester …

in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 03 Aug 20
in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 03 Aug 20
Senior Infrastructure/Cloud Penetration Tester
Duties will include providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing countermeasures. Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the Cloud environment. Typical assignments will involve testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards; scanning and discovering rouge hosts, networks, and devices; and scanning and discovering vulnerable systems and applications.

Pre-requisites for this position are at least a Bachelor's Degree with 3 - 7 years of experience on most of the following:

- Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, pen testing, etc.)
-       Conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
-       Identifying, researching, validating, and exploiting various different known and unknown security vulnerabilities on server and client side
- Hands-on experience with Cloud platforms (AWS, GCP, Azure, etc.)
- Understanding of Cloud security concepts/best practices in various Cloud Service Providers (for example: AWS, GCP, Azure)
-       Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
-       OS Security, e.g. Unix, Linux, Windows, Cisco, etc
-       Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
-       Web application infrastructure, e.g. Application Servers, Web Servers, Databases
-       Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
- Automation frameworks (Ansible, Terraform, Chef, Salt, Puppet, etc.)
- Containers and container orchestration frameworks (such as Kubernetes)

Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications - GIAC GXPN, GPEN, GCIH, CISSP, and CEH). Candidates without certification must be willing to purse them during the course of employment. Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various different systems.
Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - SG ------------------------------------------------------
Time Type : ------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE .
To view the "EEO is the Law" poster CLICK HERE . To view the EEO is the Law Supplement CLICK HERE .
To view the EEO Policy Statement CLICK HERE .
To view the Pay Transparency Posting CLICK HERE .