Vulnerability Assessments Analyst - Red Team Dev Sec Ops - AVP

Vulnerability Assessments Analyst - Red Team, AVP (C12)

The Role:

The Red Team DevOps Analyst - Red Team, AVP will design, manage, and support Red Team infrastructure that drives complex engagements. The candidate will additionally support the on-going Red Team and Purple Team programs and is expected to take an active hands-on role in focusing on reducing technical overhead through design simplification, orchestration, and automation.

In addition, this role will expose the DevOps analyst to complex Red Team operations in a fast-paced environment where the ability to perform under pressure is key to success.

Responsibilities

• Support existing Red Team lab infrastructure, and build out new requirements to align with exercise requirements

• Ensuring effective design, safe and secure deployment, continued patching and assurance of these systems from cradle to grave

• Manage keys, and user access to systems within the lab

• Manage logging and auditing of user access to infrastructure and tooling within the lab

• Manage risk appropriately for mission critical, and sensitive systems

• Develop and maintain automation scripts for rapid deployment, configuration management, and gold images

• Demonstrate consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency

Qualifications

4+ years’ experience or equivalent knowledge and exposure are required with most of the following:

• Understanding and able to deploy and orchestrate virtualized systems

• Understanding and ability to apply secure network design concepts, systems hardening, and RBAC/AAA

• Familiarity with common network and host security and logging platforms and products such as firewalls, VPNs, EDRs, SIEMs

• Familiarity with logging, log forwarding, and resource monitoring of deployed services and infrastructure

• Familiarity with CI/CD concepts and how it can be applied with Infrastructure as Code.

• Understanding and ability to develop automation and maintain scripts such as terraform, ansible, chef/puppet to deploy and management systems at scale

• Hands on experience and functional experience in deploying common C2 frameworks such as Sliver, and Mythic

Education:

• Bachelor’s degree/University degree or equivalent experience

• Industry-accredited security certifications highly preferred but not required

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.