Skip Navigation
open main navigation menu
city landscape


Pardon our dust! We are enhancing our application system to improve the Citi recruitment experience. Due to this upgrade you may be asked to create a new profile when you apply for a new job. If you submitted an application prior to July 21st you can view the status of your application and manage your documents via the Manage Existing link in the Create/Manage Profile drop down in the top right corner of this page.







Vulnerability Assessments and Cloud SecOps Analyst

Citi's Vulnerability Assessments and Cloud SecOps team is responsible for providing Vulnerability Assessment services and Cloud Security Operations to all Citi businesses and technology teams globally. The duties of a VA analyst will include manual and automated testing through a defined testing process.  The analyst will be identifying weaknesses and vulnerabilities within the Citi infrastructure and applications. Recommend countermeasures to business contacts and developers to resolve identified issues during ethical hacking. Commercial and open source vulnerability assessment tools/utilities are leveraged during these assessments.

The technical analyst role is in the Budapest team, which is part of a larger global team responsible for providing vulnerability assessment to all business within Citi.


  • Providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process
  • Identifying weaknesses and vulnerabilities within the system and proposing countermeasures.
  • Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
  • Scanning and discovering rouge hosts, networks, and devices
  • Scanning in Citi’s network – including Hybrid and Public Cloud
  • Implement new security solutions in Cloud and Container security
  • Reporting information security vulnerabilities to businesses.


  • The candidate is expected to already be familiar with the majority of the below tools:

  • Knowledge of Cloud Security fundamentals in Amazon Web Services, Azure and Google Cloud Platform
  • Experience in Web development and programming languages i/e Java/J2EE (Servlets/JSPs, STRUTS, Spring Flow, JavaServer Faces, Hibernate, JDBC, Enterprise Java Beans)
  • OR

  • Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
  • Deep understanding of OSI model
  • Security devices, e.g. Firewalls, VPN, AAA systems
  • OS Security, e.g. Unix, Linux, Windows, Cisco, etc
  • Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
  • Web application infrastructure, e.g. Application Servers, Web Servers, Databases
  • Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net


  • Education Level Required: Bachelor's Degree
  • 10+ years’ work experience in IT (at least 3 years’ experience in Information Security field)

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.


Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - HU


Time Type :


Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.

To view the "EEO is the Law" poster CLICK HERE. To view the EEO is the Law Supplement CLICK HERE.
To view the EEO Policy Statement CLICK HERE.
To view the Pay Transparency Posting CLICK HERE.