Senior Lead AI Security Specialist

Be among the first 25 applicants.Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. Our Technology & Business Enablement teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful.Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all.Overview of the Organization:The Chief Information Security Office (CISO) is comprised of deeply dedicated and talented professionals focused on ensuring the safety of Citi's and its clients' assets and information.Overview of the Role:The Advanced Pentesting and Research team provides critical security testing services that enable the rapid and secure delivery of solutions to our customers. The Senior Lead AI Security Specialist is a pivotal, cross-functional role responsible for leading in-depth analysis and research into new vulnerabilities and exploits, and for identifying systemic issues within mission-critical Citi applications.Responsibilities:Perform in-depth analysis and research of new vulnerabilities and exploits.Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases.Research and identify potential security issues within Citi Applications.Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.Contribute to the architecture, design, and development of advanced AI tooling to assist with vulnerability detection and code analysis.Collaborate with cross-functional teams to integrate AI capabilities into our existing security tools and processes.Design and implement user-friendly interfaces and workflows for AI-powered security tools.Conduct thorough testing and evaluation of AI models and tools to ensure their accuracy, reliability, and effectiveness.Have excellent communication skills to report and articulate the results.Review internal tools, testing processes and methodologies within Application Security space and assist in identifying potential opportunities for improvement and automation.Mentor and guide junior security analysts and teams.Qualifications:10 years of professional experience in an Information Security or Cybersecurity role.Multiple years of professional experience in an Artificial Intelligence (AI) Development role, focusing on developing AI-powered applications and tools for security.Demonstrated experience in vulnerability discovery, analysis, and fortable with manual application penetration testing and threat modeling.Passion for security research, demonstrated by published research, active participation in community events, or contributions to the security community.Understand CVEs and should be able to reproduce proof-of-concept easily.Experience in developing AI-powered applications and tools, preferably in the security domain.Hands-on experience working with security tools such as BurpSuite Proxy, AppScan, WebInspect, SoapUI, Qualys, CheckMarx, BlackDuck, Snyk, Nessus, NMAP.Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25.Excellent problem-solving skills and the ability to work in a fast-paced environment.Effective communication skills with the capacity to articulate complex security issues to technical and non-technical stakeholders.Must have or be willing to obtain industry-accredited security certification such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP, AI/ML certifications.Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. #J-18808-Ljbffr

Created: 2025-10-08