Senior Lead AI Security Specialist

About CitiCiti, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. Our technology & business enablement teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience.Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.Overview of the OrganizationAt Citi, trust is paramount, and safeguarding our customer data is a core commitment. The Chief Information Security Office (CISO) is comprised of deeply dedicated and talented professionals focused on ensuring the safety of Citi's and its clients' assets and information. We manage information security as an end-to-end program, grounded in modern control and security frameworks, fully aligned with firm technology, and driven by threat intelligence and data. Our global security program is deeply integrated across all Citi businesses.Overview of the RoleThe Advanced Pentesting and Research team, a vital component of Citi's Cyber Security Operations, provides critical security testing services that enable the rapid and secure delivery of solutions to our customers.Senior Lead AI Security Specialist is a pivotal, cross-functional role responsible for leading in-depth analysis and research into new vulnerabilities and exploits, and for identifying systemic issues within mission-critical Citi applications. Leveraging advanced AI development skills, this role will also be instrumental in designing, developing, and implementing cutting-edge AI-powered tools and solutions to significantly enhance our vulnerability assessment and penetration testing capabilities.We are seeking an innovative, analytical thinker, a collaborative team player, and an effective communicator capable of bridging intricate business, technology, and security requirements. The ideal candidate possesses a deep understanding of modern software development frameworks, AI technologies, complex enterprise architectures, and proactively stays abreast of the ever-evolving cyber security threat landscape.ResponsibilitiesPerform in-depth analysis and research of new vulnerabilities and exploits. Demonstrate the impact of these through the development of proof-of-concept code.Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases.Research and identify potential security issues within Citi ApplicationsDrive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.Contribute to the architecture, design, and development of advanced AI tooling to assist with vulnerability detection and code analysisCollaborate with cross-functional teams to integrate AI capabilities into our existing security tools and processesDesign and implement user-friendly interfaces and workflows for AI-powered security toolsConduct thorough testing and evaluation of AI models and tools to ensure their accuracy, reliability, and effectivenessHave excellent communication (written and verbal) skills to report and articulate the results.Review internal tools, testing processes and methodologies within Application Security space and assist in identifying potential opportunities for improvement and automation.Mentor and guide junior security analysts and teams.Qualifications10 years of professional experience in an Information Security or Cybersecurity role: specifically in vulnerability discovery, analysis, and exploitation, manual application penetration testing, and threat modeling.Multiple years of professional experience (as a significant part of the overall 10 years) in an Artificial Intelligence (AI) Development role, focusing on developing AI-powered applications and tools for security, and hands-on experience with advanced AI technologies such as Large Language Models (LLMs), Agentic AI Architecture, Retrieval Augmented Generation (RAG) integrations, and frameworks like LangChain, PyTorch, or TensorFlow.Demonstrated experience in vulnerability discovery, analysis, and fortable with manual application penetration testing and threat modeling.Passion for security research, demonstrated by published research, active participation in community events, or contributions to the security community.Understand CVEs and should be able to reproduce proof-of-concept easily.Experience in developing AI-powered applications and tools, preferably in the security domainHands-on experience working with security tools such as BurpSuite Proxy, AppScan, WebInspect, SoapUI, Qualys, CheckMarx, BlackDuck, Snyk, Nessus, NMAP.Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25.Excellent problem-solving skills and the ability to work in a fast-paced environment.Effective communication skills with the capacity to articulate complex security issues to technical and non-technical stakeholders.Must have or be willing to obtain industry-accredited security certification such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP, AI/ML certifications.Experience working with AI related technologies, such as Large Language Models (LLMs), Agentic AI Architecture, MCP server/clients, RAG integrations, and frameworks like LangChain, RAG, PyTorch, TensorFlow, Haystack, etc.Contributions to open-source AI or security projects.Strong understanding of a variety of application architectures (Microservices, REST APIs, SOA, MVC), software development methodologies (Agile, DevOps, Waterfall), programming/scripting languages (Java, .NET/C#, C/C++, Python, Ruby), development frameworks (Spring, Struts, AngularJS, NodeJS), and application infrastructure (web/app servers, middleware components, databases, public/private/hybrid cloud deployment, cloud service models - SaaS/PaaS/IaaS).EducationBachelor’s degree in Computer Science, Cyber Security, Artificial Intelligence, or related fieldsMaster’s Degree in Computer Science, Cyber Security, Artificial Intelligence, or related field preferredAdditional information about Citi may be found at Citi's website. For accessibility and equal opportunity information, please see Citi’s EEO policy statement and Know Your Rights postings. #J-18808-Ljbffr

Created: 2025-10-08