Generative AI Security Engineer
About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
About our Team:
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
Citi has an extensive and robust AI program, with strong global partnerships and business activities in progress. We view Generative AI as a significant opportunity, one we want to move quickly and embrace, but also one we want to embed security principles and engineering excellence into early. The security engineer reports into the CISO organization with dedicated functional alignment to Citi’s Generative AI enablement group to enable close, collaborative strategic work to jointly design, engineer and run the capabilities needed to enable Gen AI and protect Citi and our assets.
Key Responsibilities -
Work within a dedicated security engineering function that accelerates and delivers creative and secure capabilities to unlock the value of Gen AI
Perform security assessments including threat modelling and security integration of Gen AI platforms and business solutions. Ensure that security design and controls are consistent with organization's security architecture principals.
Perform model input and output security including prompt injection and security assurance
Provide thought leadership and creativity to mature Gen AI security governance embedding into our existing cyber security risk appetite framework
Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.
Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls. Leverage threat intelligence to enhance engineering and operations
Identify, assess, track and report on security issues identified in supplier/third-party due diligence processes, self-assessments, architectural reviews, application testing, vulnerability scans, bug bounty programs, penetration testing, change management, cyber exercises, reviews and audits. Technically advise stakeholders on recommendations and remediation/mitigation plans.
Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi
Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).
Partner with CISO engineering and Gen AI engineering organizations, directly embedded, in both leading and supporting capacities
Qualifications include:
7+ years of Information Security experience in areas of Information/Application Security
5+ years of experience performing security engineering
Detailed understand of application and data security, AI, machine learning, data science
Demonstrated knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
Experience of delivering security solution architecture from end-to-end.
Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)
Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)
Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
Demonstrated experience with cyber engineering and operations, which could include devsecops and MLsecops
A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.
Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the ICG program.
Ability to operate effectively across a highly matrixed, global business environment.
Good leadership, strategic thinking, and large-scale planning abilities.
Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics
Excellent problems solving abilities and analytical skills
Ability to apply a broad and comprehensive understanding across multiple functional areas.
Strong work ethic, and an excellent use of discretion and judgment.
Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.
Education:
- Bachelor’s degree/University degree or equivalent experience
- Master’s degree preferred
-------------------------------------------------
Job Family Group:
Technology-------------------------------------------------
Job Family:
Systems & Engineering------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting