AppSec Jobs

Citi

Vulnerability Research (Principal Application Security Analyst - Senior Vice President)

Singapore, Singapore

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Citi

Citi, officially known as Citigroup Inc., is a prominent global financial institution founded in 1812 and headquartered in New York. Operating in nearly 100 countries and 160 markets, Citi has a rich history of innovation, including the introduction of the world's first ATM. The company has grown through significant mergers, such as with Travelers Group in 1998, and has a strong focus on international expansion and consumer services. Citi offers a wide range of financial services for consumers, corporations, governments, and financial institutions. Its Institutional Clients Group (ICG) operates in over 100 countries, providing services in banking, capital markets, advisory, and treasury solutions. Additionally, Citi is involved in consumer and corporate banking, investment banking, and social finance, with a commitment to sustainable development in underserved markets. The company emphasizes building long-term relationships and delivering exceptional customer service across its diverse client base.

Industry

financial services

Employees

229,000

11026 engineers

Revenue

$168B

Security at Citi

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Citi emphasizes "shifting left" and automated testing in the software lifecycle.
  • Citi leaders have publicly framed supply chain security and secure ingestion of OSS as AppSec priorities, exemplified by the Continuous Secure Software Ingestion (CSSI) project.

Security Team

  • Jonathan Meadows leads cloud security and application security functions at Citi.
  • Roberto Armenteros is listed as "Head of Vulnerability Assessments, AppSec and Cloud SecOps".
  • Job postings indicate AppSec responsibilities include resolving vulnerabilities and automating security controls.
  • James Holland and other AppSec practitioners are involved in supply chain and application security work.

Key Initiatives

  • Citi has contributed tooling and processes for software supply chain security by donating a security kit to OpenSSF.
  • The Continuous Secure Software Ingestion (CSSI) project, presented by James Holland, is a "policy driven system built on Tekton & Open Policy Agent (OPA)" to automate OSS ingestion checks.
  • Citi also participates in panels and webinars discussing supply chain security and automated testing practices.
  • Job descriptions highlight operational practices like supporting teams to resolve vulnerabilities and identifying automation opportunities.
