Security Engineer – Identity and Access Management (Cyber Security Services - Secrets Management) (Hybrid)

We are opening our doors for talented individuals who are passionate about Cyber Security, want to be part of innovation by implementing and driving cutting edge technologies within a world class organization.

If you have a strong background in Cloud or On-Prem hosted technologies and consider yourself a leader with excellent communication skills, have a wide variety of skillset including a firm grasp of operating systems, hands on scripting/programming, networking protocol implementation and various virtualization technologies, then Citi is a place for you to be, as we offer the environment where skills like these can thrive.

Responsibilities

• Manage various franchise critical security application Infrastructure, specifically in secrets and privileged access management domain.
• Own and drive the deployment (from scratch), maintenance and L3 support of managed applications.
• Collaborate with various internal and external stakeholders/support teams and product vendors to manage all the aspects of the support process.
• Gather product requirements, deploy solutions mapped to business needs and continuously evaluate to stay current with evolving requirements.
• Size and procure the required hardware/software for new deployments and collaborate with various teams like system admin, DBA and others to build the required Infra.
• Work with client applications to provide integration/onboarding guidance.
• Facilitate security assessments and remediation to ensure safety and soundness. 
• Document the product, process, and train L1/2 teams for BAU support.
• Automation of manual tasks and continuous review/upgrade of stale processes.
• Provide SME (Subject Matter Expert) support for the managed applications.
• Capacity, Performance and Stability reporting and Management.
• Lead initiative to develop/improve scripts and other programs for system monitoring and maintenance.
• Lead Infrastructure projects and facilitate security assessment and remediation for the infrastructure associated the applications in scope.
• Be responsible to assess the risk and associated impact of all operational issues and change events and react quickly to escalate to technology management in a timely manner when required.
• Continuously keep the Knowledge Share repository up to date.
• Work with demanding global partners within aggressive timelines; analyze and resolve technical problems with application, system and network.

Required Technical Skills:

• Hands-on experience working with Linux and Windows Servers
• Proficiency in one or more of these scripting languages – Python, Unix Shell, Perl & PowerShell scripting.
• Experience/basic understanding of CHEF, Ansible, CI/CD.
• Good grasp of networking concepts and protocols
• DevOps/DevSecOps/SRE experience
• Experience with Web Servers/Application deployment
• Experience interacting with Web APIs using various protocols and framework (E.g. REST)
• Experience with RDBMS or NoSQL databases from application programmer’s perspective. Understanding of how to interface with these databases, analyze & write complex queries/procedures.
• Understanding of containerization and associated technologies like Kubernetes/OpenShift.

Qualifications and Additional Skills

• 6-10 years of relevant experience
• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred
• Excellent written and verbal communication skills
• Ability to work across all levels of the organization.
• Must have good analytical skills
• Strong customer and quality-focus
• Sound problem resolution, judgment, and decision-making skills
• Excellent organizational, interpersonal and project management skills
• Ability to work well individually and as part of a team

Good to Have

• Experience managing PAM services including CyberArk and HashiCorp Vault would be a big plus.
• Hands on experience with IGA including SailPoint & Omada Identity
• Programming experience in Python, Core Java, Perl, .NET languages
• SRE/DevSecOps Foundation Certification
• CyberArk Sentry, HashiCorp Vault Associate
• Cloud Certifications including AWS, GCP and Azure
• Security Certifications like CISM, CISSP, CISA, CompTIA Security+ / CASP+
• Operating System certifications like MCSA (Windows Server), RHCSA, RHCE, CompTIA Server+

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting