Vulnerability Research (Principal Application Security Analyst - Senior Vice President)

Sorry, this job was removed at 02:01 p.m. (UTC) on Tuesday, Feb 17, 2026
Be an Early Applicant
Singapore, SGP
In-Office
Fintech • Financial Services
The Role

Discover your future at Citi

Citi is a preeminent banking partner for institutions with cross-border needs, a global leader in wealth management, and a valued personal bank in its home market of the United States. Citi does business in more than 160 countries and jurisdictions, providing corporations, governments, investors, institutions, and individuals with a broad range of financial products and services.

About the job

Citi is seeking a highly skilled and experienced application security analyst with a specialized focus on vulnerability research, third-party component analysis, and advanced whitebox testing methodologies, including comprehensive source code review. The successful candidate will play a critical role in identifying, exploiting, and providing remediation guidance for complex security vulnerabilities within Citi's diverse technology landscape. This role demands deep technical expertise, a proactive approach to security challenges, and the ability to work collaboratively with development teams to enhance the security posture of our applications and infrastructure.

Who we are

This team specializes in conducting deep-dive penetration testing on a variety of Citi applications (Web, Mobile, Thick Client, and APIs) by manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities.

What you’ll do

As a principal application security analyst on our Offensive Security & Vulnerability Management team, you are responsible for:

  • Vulnerability Research & Exploitation: Conduct in-depth research to discover new attack vectors and zero-day vulnerabilities in enterprise applications, systems, and third-party components. Develop proof-of-concept exploits to effectively demonstrate risk.

  • Whitebox Penetration Testing: Perform comprehensive whitebox penetration tests, leveraging access to source code, design documentation, and internal system knowledge to uncover sophisticated security flaws that blackbox testing might miss.

  • Source Code Review: Conduct manual and automated source code reviews across various programming languages (e.g., Java, C#, Python, JavaScript) to identify security vulnerabilities, misconfigurations, and adherence to secure coding practices.

  • Third-Party Component Analysis: Evaluate the security of third-party libraries, frameworks, and open-source components integrated into Citi's applications. Identify known vulnerabilities (e.g., CVEs) and assess potential risks.

  • Remediation Guidance: Provide clear, concise, and actionable remediation recommendations to development teams, offering expert advice on secure coding, configuration, and architectural solutions.

  • Tooling & Automation: Utilize and contribute to the development of advanced security testing tools, static analysis (SAST), and dynamic analysis (DAST) solutions to improve efficiency and coverage.

  • Reporting & Communication: Prepare detailed technical reports outlining findings, risk levels, and recommended mitigations for both technical and non-technical audiences.

  • Mentorship & Knowledge Sharing: Mentor junior penetration testers and security engineers, sharing expertise in vulnerability research, source code analysis, and whitebox testing techniques.

  • Stay Current: Continuously research and stay abreast of the latest security threats, vulnerabilities, attack techniques, and industry best practices.

Job Skills/Qualifications:

  • 8+ years of experience in penetration testing, ethical hacking, or application security, with a significant focus on whitebox testing and/or source code review.

  • Proven expertise in vulnerability research, including the ability to identify novel vulnerabilities and develop reliable exploits.

  • Strong proficiency in at least one major programming language (e.g., Java, C#, Python) and familiarity with others.

  • In-depth understanding of common web application vulnerabilities (OWASP Top 10) and API security best practices.

  • Experience with static application security testing (SAST) tools and dynamic application security testing (DAST) tools.

  • Strong understanding of cloud computing platforms (AWS, Google Cloud, Azure) and experience in securing applications and infrastructure deployed in these environments.

  • Experience with microservices architecture and securing containerized applications (e.g., Docker, Kubernetes).

  • Experience with mobile application penetration testing (iOS and Android).

  • Excellent written and verbal communication skills, with the ability to articulate complex security issues to diverse audiences.

  • Ability to work independently and as part of a team in a fast-paced, dynamic environment.

  • Relevant industry certifications such as OSCE, GIAC GWAPT, GPEN, GXPN, or similar.

An ideal candidate will have both an engineering and security background. However, irrespective of your current role, if you have a Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience and meet most of the above-listed requirements, then don't miss this opportunity to join our team. Apply today!

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.

Citi Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Citi and has not been reviewed or approved by Citi.

  • Healthcare Strength Benefits coverage is positioned as comprehensive, including health, dental, and vision insurance plus on-site clinics, prescription drug support, and disability coverage. Family-building support such as fertility assistance is described as a notable differentiator within the overall package.
  • Retirement Support Retirement benefits are framed as strong, highlighted by a 401(k) with matching and additional plan options like a Roth 401(k). Financial support is reinforced through discounts and broader financial guidance resources tied to the benefits ecosystem.
  • Wellbeing & Lifestyle Benefits Wellbeing support extends beyond insurance through programs like an Employee Assistance Program, counseling/legal resources, and gym or wellness reimbursement. These offerings increase the perceived total rewards value even when cash compensation sentiment varies by role.

Citi Insights

Similar Jobs

Micron Technology Logo Micron Technology

Staff Engineer

Artificial Intelligence • Hardware • Information Technology • Machine Learning
In-Office
Singapore, SGP
45000 Employees

Micron Technology Logo Micron Technology

SNR/STAFF SHIFT ENGINEER LEAD, TD MFG DEV ENGG

Artificial Intelligence • Hardware • Information Technology • Machine Learning
In-Office
Singapore, SGP
45000 Employees

Micron Technology Logo Micron Technology

SR SHIFT ENGINEER, TD MFG DEV ENGG

Artificial Intelligence • Hardware • Information Technology • Machine Learning
In-Office
Singapore, SGP
45000 Employees

Micron Technology Logo Micron Technology

Senior Engineer

Artificial Intelligence • Hardware • Information Technology • Machine Learning
In-Office
Singapore, SGP
45000 Employees
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Kwun Tong, Kowloon
223,850 Employees

What We Do

Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities.

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account