Vulnerability Assessments Analyst Budapest, Hungary 09/16/2019 hos Citi

Pardon our dust! We are enhancing our application system to improve the Citi recruitment experience. Due to this upgrade you may be asked to create a new profile when you apply for a new job. If you submitted an application prior to July 21st you can view the status of your application and manage your documents via the Manage Existing link in the Create/Manage Profile drop down in the top right corner of this page.

Job Purpose

Citi's Vulnerability Assessment (VA) team is responsible for providing Vulnerability Assessment services to all Citi businesses and technology teams globally. The duties of a VA analyst will include manual and automated testing through a defined testing process. The analyst will be identifying weaknesses and vulnerabilities within the Citi infrastructure and applications. Recommend countermeasures to business contacts and developers to resolve identified issues during ethical hacking. Commercial and open source vulnerability assessment tools/utilities are leveraged during these assessments.

Job Background

The technical analyst role is in the Budapest team, which is part of a larger global team responsible for providing vulnerability assessment to all business within Citi.


  • Providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process
  • Identifying weaknesses and vulnerabilities within the system and proposing countermeasures.
  • Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
  • Scanning and discovering rouge hosts, networks, and devices
  • Scanning and discovering vulnerable systems and applications
  • Reporting information security vulnerabilities to businesses.


  • The candidate is expected to already be familiar with the majority of the below tools:
  • Experience in Web development and programming languages i/e Java/J2EE (Servlets/JSPs, STRUTS, Spring Flow, JavaServer Faces, Hibernate, JDBC, Enterprise Java Beans)

  • Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
  • Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
  • Social Engineering campaigns, e.g. email phishing, phone calls, SET
  • Deep understanding of OSI model
  • Security devices, e.g. Firewalls, VPN, AAA systems
  • OS Security, e.g. Unix, Linux, Windows, Cisco, etc
  • Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
  • Web application infrastructure, e.g. Application Servers, Web Servers, Databases
  • Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net

The following requirements are a plus as we are willing to invest in training and development in the security and vulnerability space:
  • Conducting application vulnerabilities assessments and articulating security issues to technical and non-technical audience
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures
  • Experience using open source and vendor vulnerability assessment tools
  • Background in a similar role
  • Understanding enterprise networks


  • Education Level Required: Bachelor's Degree
  • 3-5 years’ experience in ethical hacking

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
  • ------------------------------------------------ Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - HU
  • ----------------------------------------------------- Time Type :Full time
  • -----------------------------------------------------

Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.
To view the "EEO is the Law" poster CLICK HERE. To view the EEO is the Law Supplement CLICK HERE.
To view the EEO Policy Statement CLICK HERE.
To view the Pay Transparency Posting CLICK HERE.

Kom ihåg att ange att du hittade dette via MyCareer