Senior Application Security Architect (SASA) Cyber Defense (
New Castle, DE 19720
Description: A Senior Application Security Architect (SASA) is one of the key positions in the CISO technology IS organization. The SASA is required to assess and manage technology risks, provide compliance guidance per Citi IS and application security standards, and provide SME support to Technology Development Units in their development lifecycle. The ICG Technology Information Security Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with corporate IS and driving the secure SDLC initiative for the ICG sector. The team needs to expand its capability to ensure security requirements are assessed early in the development lifecycle and that the architecture/design of the application incorporates the required security measures.

The SASA will have strong technical acumen and should establish relationships with application managers, domain architects, project managers, corporate IS and other disciplines. You will join an elite team of some of the smartest minds in the business that have been tasked with performing threat modeling exercises and proposing technical controls for our most critical applications to ensure that they are highly resilient to Internet-borne threats. You will work on some of the most cutting-edge technologies and provide value by solving real-world problems that our industry as a whole is facing. Your key stakeholders will be application development teams, our internal vulnerability assessment teams and the IS organization as a whole.
Responsibilities: Key responsibilities for this role will be:
- Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security.
- As part of the proactive risk management agenda, engage in the initial security requirements definition cycle and conduct security reviews, including Secure SDLC testing requirements, throughout the development lifecycle for applications deployed on premises or in the cloud.
- Establish and drive the strategic direction for the Cloud security framework through partnerships with cloud engineering, operations and business.
- Maintain the IS risk management framework and perform assessments of applications for emerging areas such as cloud security, Blockchain, etc.
- Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results.
- Participate in the evaluation and selection of applications and systems with specific focus on IS implications.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
- Identify new requirements / enhancements to information security standards and processes.
- Evaluate and recommend new and emerging vendor products and technologies to mitigate cyber risks.
- Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts by monitoring changes in the risk profile and exposure for the application.

Qualifications:
- 10+ years of relevant experience.
- Proven experience as an Application Security Architect or Application Architect with Security knowledge is preferred.
- Must be familiar with and experienced in threat modelling practice for application or IT security.
- Ideally a candidate who has worked for a similar organization, with 5+ years of experience as an application security consultant / security architect, with expertise in application security, cloud security, Blockchain, and Machine Learning projects.
- Must have SME-level knowledge of designing and implementing security guardrails for deploying applications in public Cloud environments (e.g. AWS, Google Cloud, Microsoft Azure).
- Strong knowledge of and experience with security assessment of Blockchain.
- Thorough understanding of industry and corporate technology standards for Information and Application Security.
- Strong understanding of information security and risk analysis processes, including threat modeling.
- Software development experience is a plus.
- Demonstrated ability to take ownership and work with cross-functional teams to manage multiple projects simultaneously under pressure.
- Advanced analytical and problem-solving skills.
- Consistently demonstrates clear and concise written and verbal communication as well as presentation skills for interaction with Sr leaders in Technology and business.
- Proficient in interpreting and applying policies, standards and procedures.
- Industry certifications such as CISSP, CCSP, and other vendor certifications are highly preferred.

Education:
- Bachelor’s degree/University degree or equivalent experience.
- Master’s degree preferred.
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time

Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries (“Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.