CrawlJobs Logo

Cloud Security Threat Modeler Senior Analyst

https://www.citi.com/ Logo

Citi

Location Icon

Location:
Poland , Warsaw

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

Engineer the future of global finance. At Citi, our Tech team doesn’t just support finance – we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real-world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions. Citi is looking for a security focused person with a good understanding of cybersecurity principles to work in the Cloud Threat Modeling team. Using threat modeling you will identify threats and specify mitigating controls which will directly reduce the risk of Citi operating in the public cloud.

Job Responsibility:

  • Perform Threat Modeling using a documented process
  • Development of automation tools as required
  • Maintain a high standard of work in identifying threats and specifying mitigating controls
  • Attending to the lifecycle of identified threats and controls
  • Delivery of threat models and supporting tasks within existing timeframes
  • Provide feedback, support, and improvements to the existing threat modeling process
  • Present work to seniors, the team, and other technical teams

Requirements:

  • 5+ years of experience in a Cybersecurity role
  • Proven experience with Jira or other similar ticketing systems
  • Strong understanding of security best practices related to Authentication, Authorization, Logging/Monitoring, Encryption, Infrastructure Security, and Network Segmentation
  • Experience with scripting languages (e.g., Python, Bash, PowerShell) or Infrastructure as Code tools (e.g., Terraform, CloudFormation)
  • Familiarity with threat modeling methodologies like STRIDE, PASTA, Attack Trees, and the MITRE ATT&CK framework, as well as threat modeling tools (e.g., IriusRisk, ThreatModeler, Microsoft Threat Modeling Tool)
  • Ability to identify vulnerabilities using CWE or OWASP frameworks
  • Working knowledge of Operating Systems (e.g., Windows, Linux) and their hardening best practices
  • Familiarity with Development Concepts such as CI/CD pipelines, and SDLC
  • Working knowledge of Cloud Platforms (e.g., AWS, Azure, GCP)
  • Ability to design and review technical architectures
  • Strong analytical skills, diligence, and attention to detail
  • Excellent skills in creating and maintaining high-quality documentation
  • Demonstrated ability to work effectively with diverse individuals and teams
  • Excellent written and verbal communication skills
  • A passion for continuous learning and staying up-to-date with new technologies and methodologies
  • Proven ability to build relationships across multiple cross-functional teams
  • Bachelor's degree in Computer related field or equivalent work experience

Nice to have:

  • 3+ years experience specifically focused on Threat Modeling
  • Experience with Docker, Kubernetes, Serverless Technologies (e.g., AWS Lambda, Azure Functions, Google Cloud Functions), and Helm
  • Familiarity with Cloud Development Kit (CDK) and GitOps principles
  • Experience supporting or performing Penetration Testing activities (e.g., vulnerability scanning, network penetration testing, web application testing, mobile application testing)
  • Experience with Snowflake, MongoDB, Terraform Cloud, GitHub, or Databricks
  • Experience working in a regulated environment (e.g., financial services)
  • Ability to think like an attacker and anticipate potential threats
  • Cloud Certifications (Foundational or Practitioner Level): AWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Associate, Google Cloud Certified Professional Cloud Architect, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Administrator Associate, CompTIA Cloud+
  • Cybersecurity Certifications (Foundational Level): CompTIA Security+, (ISC)² Certified in Cybersecurity, GIAC Security Essentials Certification (GSEC), ISACA CSX Cybersecurity Fundamentals Certificate
What we offer:
  • Private Medical Care Program
  • Life Insurance Program
  • Pension Plan contribution (PPE Program)
  • Employee Assistance Program
  • Paid Parental Leave Program (maternity and paternity leave)
  • Sport Card
  • Holidays Allowance
  • Sport and team recreation activities
  • Special offers and discounts for employees
  • Access to an array of learning and development resources
  • A discretional annual performance related bonus
  • A chance to make a difference with various affinity networks and charity initiatives

Additional Information:

Job Posted:
December 31, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Citi - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cloud Security Threat Modeler Senior Analyst

Cloud Security Senior Analyst

The Cloud Security Operations team works in a multi-disciplinary team of teams d...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in a similar, offensive security related role
  • Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, penetration testing, etc.)
  • Hands-on experience with cloud platforms (GCP, AWS)
  • Excellent understanding of cloud security concepts/best practices in various cloud Service Providers (for example: Azure/M365)
  • Familiarity with the current threat landscape which GCP exists in
  • Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)
  • Programming/scripting languages a plus (Python and PowerShell preferred, but not required)
  • Ability to deliver presentations to technical and non-technical individuals
  • Fluency in English
  • Bachelor's Degree or equivalent working experience
Job Responsibility
Job Responsibility
  • Full end to end security assurance activities in GCP including Vulnerability Assessments (preproduction, post-production), Purple Team exercises (Red and Blue team collaboration) to identify areas of risk and ensure any gaps are documented and remediated
  • Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the cloud environment
  • Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right

Cyber Architect - Info Security Tech Senior Analyst

The Cyber Architect - Info Security Tech Senior Analyst is an intermediate level...
Location
Location
Hungary , Budapest
Salary
Salary:
12211560.00 - 20474640.00 Ft / Month
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD) Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
  • Strong knowledge of security for applications related to authentication / authorization, data protection, session management, data validation, and end point protections
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud
  • Determine the security controls for above, document appropriately and partner with IT architecture/development stakeholders to implement during early in system development life cycle
  • Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with organization's security architecture principals
  • Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert
  • Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify significant IS threats and vulnerabilities
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right

Senior Consultant - Proactive Services

As a Senior Consultant in Unit 42 you will have the opportunity to work across a...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management
  • Demonstrated success with serving large, multinational organisations in designing and implementing an organisation’s security operations program
  • Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms
  • Experience in security operations design, engineering and/or analysis and investigations, ideally in complex environments
  • Ability to perform detailed assessments, identify areas for improvement and make recommendations to transform an organisation's cyber security operations
  • Demonstrated experience in improving an organisations security operations capabilities
  • Experience in conducting threat hunting and/or compromise assessments
  • Relevant industry certifications including GIAC Defensible Security Architect (GDSA), GIAC Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), CISSP
  • Understanding of cyber risk frameworks or industry standards such as 800-53, ISO 27001/2, PCI, CIS 18, CMMC
  • 3+ years of experience performing cloud security advisement and risk assessments
Job Responsibility
Job Responsibility
  • Work across a number of proactive cyber security domains including Cloud Security, Security Operations, Cyber Risk Management and Artificial Intelligence in cyber security
  • Deliver the best consulting outcomes for clients, as they work to address the challenges associated with today’s cyber threat landscape
  • Fulltime
Read More
Arrow Right

Product Security Engineer - AI

At Crusoe, the AI Security Engineer is central to ensuring the safety, integrity...
Location
Location
United States , San Francisco
Salary
Salary:
135000.00 - 150000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of professional experience building and maintaining production systems
  • Strong Python programming skills and experience across the stack (backend/frontend)
  • Deep expertise in advanced Generative AI techniques, including implementing Retrieval-Augmented Generation (RAG), designing AI Agents and Multi-step Cognitive Processes (MCP), and building with workflow orchestration frameworks
  • Proven ability to own the entire model lifecycle by designing and managing robust MLOps pipelines
  • Experience with containerization (Docker), virtualization (VMs), and cloud platforms (AWS, GCP, Azure) is a plus
  • Experience in designing, implementing, and fine-tuning custom LLMs
  • Strong understanding of NLP fundamentals, transformer architectures, PyTorch/TensorFlow, and data structures
  • Strong curiosity about security, privacy, and threat modeling
  • Strong product sense for rapid iteration and refinement based on data
  • Collaborative mindset to work closely with engineers, product managers, and security analysts in a fast-paced environment
Job Responsibility
Job Responsibility
  • Act as the technical leader and SME on the practical security of our AI and LLM ecosystem
  • Define the long-term technical roadmap for AI security architecture and drive high-impact cross-functional initiatives
  • Lead the design and implementation of highly secure Generative AI solutions for security applications, focusing on architectural patterns like Retrieval-Augmented Generation (RAG)
  • Architect and implement custom, AI-powered security tooling that automates threat detection, vulnerability analysis, and data access control
  • Establish governance and processes for secure MLOps pipelines
  • Define standards for model versioning, deployment, and monitoring
  • Lead threat modeling exercises for novel AI systems
  • Apply advanced security and privacy best practices
  • Mentor senior engineers on secure development practices in the GenAI domain
  • Drive the entire lifecycle of critical AI security projects
What we offer
What we offer
  • Restricted Stock Units in a fast growing, well-funded technology company
  • Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
  • Employer contributions to HSA accounts
  • Paid Parental Leave
  • Paid life insurance, short-term and long-term disability
  • Teladoc
  • 401(k) with a 100% match up to 4% of salary
  • Generous paid time off and holiday schedule
  • Cell phone reimbursement
  • Tuition reimbursement
  • Fulltime
Read More
Arrow Right

Threat Intelligence Analyst

Threat Intelligence Analyst - initial 3-6 month contract. We're seeking a highly...
Location
Location
United Kingdom , Portsmouth or London
Salary
Salary:
Not provided
triarecruitment.com Logo
TRIA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years' experience in Threat Intelligence, SOC or Incident Response
  • Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis
  • Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar
  • Strong experience with Microsoft security tooling, ideally Sentinel and Defender
  • Proficiency in KQL and working knowledge of Python for automation and enrichment
  • Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)
  • Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats
  • Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teams
Job Responsibility
Job Responsibility
  • Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns
  • Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector-specific threat frameworks
  • Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)
  • Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams
  • Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts
  • Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board-level risk narratives
  • Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value
  • Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooks
  • Fulltime
Read More
Arrow Right
New

Senior Application Security Analyst

Senior Application Security Analyst - Vice President role at Citi. The team spec...
Location
Location
United States , Fort Lauderdale
Salary
Salary:
117440.00 - 176160.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
February 18, 2026
Flip Icon
Requirements
Requirements
  • 6-10 years of experience in an engineering role
  • Minimum of 3-5 years of experience in a penetration testing or application development role
  • Strong understanding of a variety of application architectures (Microservices, REST APIs, SOA, MVC), software development methodologies (Agile, DevOps, Waterfall), programming/scripting languages (Java, .NET/C#, C/C++, Python, Ruby), development frameworks (Spring, Struts, AngularJS, NodeJS), and application infrastructure (web/app servers, middleware components, databases, public/private/hybrid cloud deployment, cloud service models - SaaS/PaaS/IaaS)
  • Hands on knowledge and experience in a subset of the following tools: BurpSuite Proxy, AppScan, WebInspect, CheckMarx, BlackDuck, Snyk, Nessus, NMAP
  • Must have or be willing to obtain Industry-accredited security certifications such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP
  • Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25
  • Demonstrated experience in vulnerability discovery, analysis, and exploitation
  • Understand CVEs and should be able to reproduce proof-of-concept easily
  • Comfortable with manual application penetration testing and threat modeling
  • Master’s Degree in Computer Science, Cyber Security or related field
Job Responsibility
Job Responsibility
  • Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases
  • Research and identify potential security issues within Citi Applications
  • Demonstrate the impact of any identified vulnerability through the development of proof-of-concept code
  • Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures
  • Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation
What we offer
What we offer
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • discretionary and formulaic incentive and retention awards
  • Fulltime
!
Read More
Arrow Right

Applications Development Senior Programmer Analyst

The Applications Development Senior Programmer Analyst is an intermediate level ...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant experience
  • Experience in systems analysis and programming of software applications
  • Experience in managing and implementing successful projects
  • Working knowledge of consulting/project management techniques/methods
  • Ability to work under pressure and manage deadlines or unexpected changes in expectations or requirements
  • Bachelor’s degree/University degree or equivalent experience
  • 10+ years of hands-on experience in software development
  • Proficiency in .NET Ecosystem: Expert-level knowledge and practical experience with .NET Framework, .NET Core, C#, ASP.NET, and Entity Framework
  • Database Management: Strong experience with SQL Server, including database design, T-SQL development, performance tuning, and administration
  • API Development: Extensive experience in designing, developing, and managing REST APIs and traditional Web Services
Job Responsibility
Job Responsibility
  • Lead and participate in all phases of the Secure Software Development Life Cycle (SDLC), ensuring security best practices are integrated from design to deployment
  • Architect, design, develop, and maintain high-quality software solutions using .NET, C#, ASP.NET, .NET Core, SQL Server, and Entity Framework
  • Manage and implement RESTful APIs and traditional Web Services, ensuring efficient and secure communication
  • Develop modern front-end applications using Angular, providing intuitive and responsive user interfaces
  • Utilize and enforce best practices for source control management with Bitbucket and GitHub, overseeing code integrity and versioning
  • Oversee and contribute to Release Lifecycle Management, leveraging tools like Jenkins and JIRA for continuous integration, continuous deployment (CI/CD), and project tracking
  • Lead and mentor offshore development teams, providing technical guidance, managing tasks, and ensuring successful delivery from requirements gathering to production
  • Collaborate effectively with other technology partners, including SA (System Administrator) and DBA (Database Administrator) teams, to ensure seamless integration and adherence to technical and security standards
  • Execute and oversee Windows server migrations, including IIS and SQL Server, ensuring minimal downtime and data integrity
  • Proactively identify and address system and application security threats and vulnerabilities, implementing robust solutions to mitigate risks
  • Fulltime
Read More
Arrow Right
New

Assistant F&B Operations Manager

Assists with supervising food and beverage/culinary daily operations. Responsibi...
Location
Location
United States , Atlanta
Salary
Salary:
25.77 - 27.40 USD / Hour
https://www.marriott.com Logo
Marriott Bonvoy
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • High school diploma or GED
  • 3 years experience in the food and beverage, culinary, or related professional area
  • OR 2-year degree from an accredited university in Food Service Management, Hotel and Restaurant Management, Hospitality, Business Administration, or related major
  • 1 year experience in the food and beverage, culinary, or related professional area
Job Responsibility
Job Responsibility
  • Assists in the ordering of F&B supplies, cleaning supplies and uniforms
  • Supervises daily F&B shift operation and ensures compliance with all F&B policies, standards and procedures
  • Supports and supervises an effective monthly self inspection program
  • Operates all department equipment as necessary and reports malfunction
  • Supervises staffing levels to ensure that guest service, operational needs, and financial objective are met
  • Encourages and builds mutual trust, respect, and cooperation among team members
  • Develops specific goals and plans to prioritize, organize, and accomplish your work
  • Celebrates and fosters decisions that result in successes as well as failures
  • Communicates areas that need attention to staff and follows up to ensure understanding
  • Coordinates cleaning program in all F&B areas (including General clean), identifying trends and making recommendation for improvements
What we offer
What we offer
  • Training
  • Development
  • Recognition
  • A place where you can pursue your passions in a luxury environment with a focus on holistic well-being
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy