---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Threat Analyst
Location: Fort Lauderdale, Florida, United States
Type: Permanent F/T
Closing Date: 2006-10-20
This position can be located in Fort Lauderdale, FL or Warren, NJ
Citigroup Technology Infrastructure (CTI) contains the Vulnerability Assessment
(VA) process. The scope includes all Citigroup business functions,
subsidiaries, managed facilities and service provider arrangements including
Citigroup branded and co-branded internet-based applications. Additionally, it
covers initial deployment of internet-based applications (product, services and
technology platforms) and internet-facing applications obtained through merger
and acquisition. In addition the new policy manadates the testing of Top Tier
Intranet websites.
The Vulnerability Assessment team is responsible for providing VA services to
all Citigroup businesses globally. The Citigroup Information Security Standards
(CISS) and the Citigroup Application Vulnerability Assessment guidelines (CAVA)
requires that all websites be tested in accordance with the requirements
specified in these documents. Internal Vulnerability Assessments (officially
recognized by CAVA) allow businesses to satisfy the majority of VA requirements
without using a costly external service provider. With the release of the
second version of the CAVA document (projected date June 5th, 2006), there will
be additional tests required by the Internal VA team on an annual basis. We are
eager to take advantage of this large cost savings opportunity going forward.
As a member of the Vulnerability Assessment team, the analyst will be
responsible for providing vulnerability assessment services to Citigroup
businesses globally using a comprehensive testing process. The Vulnerability
Assessment process is comprised of manual testing procedures and specialized
tools. The candidate must be a skilled professional who knows how to identify
weaknesses and vulnerabilities within a system. This individual should be
knowledgeable of tools and processes used to expose common vulnerabilities and
those used by security professionals for implementing countermeasures. The
majority of the team has achieved industry standard security and hacking
certifications (CISSP, CEH and GIAC).
The Vulnerability Assessment team is responsible for testing the overall
security of an application. This includes a review of the website to ensure
compliance with internal policies and industry standards.
JOB REQUIREMENTS
---------------------------------------------------
Will consider an entry level candidate with a technical Bachelor's degree or a
candidate with the following experience:
*3-5 years of experience in web development. *Knowledge and experience with
programming languages such as Java, XML, Perl and HTML.
*An understanding of security and web based vulnerabilities.
*Experience conducting vulnerability assessments and articulating security
issues to both a technical and non-technical audience.
*Industry accredited security certifications are required. The candidate must
have or be willing to obtain all of the following certifications, CISSP, CEH
and GIAC.
*Must have excellent communication skills (written and verbal) and have the
ability to communicate with all levels of staff and management.
CONTACT
---------------------------------------------------
To be considered, please visit www.careers.citigroup.com and type "06038367" in
the keword field to locate the position and apply on-line.
Citigroup
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
