Senior Vice President, Cloud Security Threat Modeler

Citi
Full_timeβ€’$156k-234k/year (USD)β€’Fort Lauderdale, United States

πŸ“ Job Overview

  • Job Title: Senior Vice President, Cloud Security Threat Modeler
  • Company: Citi
  • Location: Irving, Texas, United States
  • Job Type: On-site, Full-Time
  • Category: Information Security
  • Date Posted: July 15, 2025

πŸš€ Role Summary

  • Key web technology aspect 1: The role involves threat modeling to identify threats and specify mitigating controls to reduce risks associated with operating in the public cloud.
  • Key web technology aspect 2: Responsibilities include developing automation tools, maintaining high standards of work, and supervising junior team members.
  • Key web technology aspect 3: The role requires expertise in various threat modeling methodologies and tools, as well as a deep understanding of security principles.
  • Key web technology aspect 4: Candidates should have over 10 years of experience in cybersecurity, with at least 5 years focused on threat modeling in cloud environments.

πŸ“ Enhancement Note: The role is heavily focused on cloud security and threat modeling, making it an excellent fit for experienced cybersecurity professionals seeking to specialize in cloud security and threat modeling.

πŸ’» Primary Responsibilities

  • Web technology responsibility 1: Conduct threat modeling using a documented process to identify threats and specify mitigating controls.
  • Web technology responsibility 2: Develop automation tools as required to streamline threat modeling processes.
  • Web technology responsibility 3: Maintain a high standard of work in identifying threats and specifying mitigating controls.
  • Web technology responsibility 4: Attend to the lifecycle of identified threats and controls, ensuring they are up-to-date and effective.
  • Web technology responsibility 5: Deliver threat models and supporting tasks within existing timeframes, meeting project deadlines and quality standards.
  • Web technology responsibility 6: Provide feedback, support, and improvements to the existing threat modeling process, driving continuous improvement.
  • Web technology responsibility 7: Present work to seniors, the team, and other technical teams, effectively communicating complex security concepts.
  • Web technology responsibility 8: Train newer members of the team, sharing knowledge and expertise to enhance the team's capabilities.
  • Web technology responsibility 9: Supervise junior members of the team, providing guidance and mentorship to support their professional development.
  • Web technology responsibility 10: Run parts of the threat model service, ensuring smooth operation and high-quality deliverables.
  • Web technology responsibility 11: Assist in wider threat modeling activities across Citi, collaborating with other teams and stakeholders to drive enterprise-wide security improvements.

πŸ“ Enhancement Note: The role requires strong problem-solving skills, attention to detail, and the ability to work independently or in a team environment to complete tasks on time and to a high standard.

πŸŽ“ Skills & Qualifications

Education: Bachelor’s degree or equivalent experience in a relevant field, with a master’s degree preferred.

Experience:

  • Required: Over 10 years of experience in a cybersecurity or information security role, with at least 5 years of experience specifically focused on threat modeling in cloud environments.
  • Preferred: Experience with cloud development kit (CDK) and GitOps principles, as well as supporting or performing penetration testing activities.

Required Skills:

  • Expertise in threat modeling methodologies such as STRIDE, PASTA, attack trees, and the MITRE ATT&CK framework, as well as threat modeling tools like IriusRisk, ThreatModeler, and Microsoft Threat Modeling Tool.
  • Proven ability to identify and analyze vulnerabilities using CWE or OWASP frameworks.
  • Deep understanding of security principles related to authentication, authorization, logging/monitoring, encryption, infrastructure security, and network segmentation.
  • Mastery of operating systems (e.g., Windows, Linux) and their hardening best practices.
  • Strong familiarity with development concepts such as CI/CD pipelines and SDLC.
  • Extensive experience with major cloud platforms (e.g., AWS, Azure, GCP), including their security services and best practices.
  • Proficiency in scripting languages (e.g., Python, Bash, PowerShell) or infrastructure as code (IaC) tools (e.g., Terraform, CloudFormation).

Preferred Skills:

  • Experience with Docker, Kubernetes, serverless technologies (e.g., AWS Lambda, Azure Functions, Google Cloud Functions), and Helm.
  • Familiarity with cloud development kit (CDK) and GitOps principles.
  • Experience supporting or performing penetration testing activities (e.g., vulnerability scanning, network penetration testing, web application testing, mobile application testing).
  • Experience with Snowflake, MongoDB, Terraform Cloud, GitHub, or Databricks.
  • Experience working in a regulated environment (e.g., financial services).

Certifications (Highly Preferred):

  • Professional cloud certifications (e.g., AWS Certified Solutions Architect – Professional, Google Cloud Certified Professional Cloud Architect, Microsoft Certified: Azure Solutions Architect Expert).
  • Cloud security certifications (e.g., AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate).
  • Professional cybersecurity certifications (e.g., (ISC)Β² Certified Information Systems Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), GIAC Certifications (e.g., GCED, GCIH, GPEN)).

πŸ“Š Web Portfolio & Project Requirements

Portfolio Essentials:

  • Portfolio requirement 1: Demonstrate a strong understanding of threat modeling methodologies and tools, showcasing your ability to identify threats and specify mitigating controls.
  • Portfolio requirement 2: Highlight your experience with cloud platforms, showcasing your ability to work with AWS, Azure, or GCP and their security services.
  • Portfolio requirement 3: Showcase your problem-solving skills and attention to detail, demonstrating your ability to analyze vulnerabilities and implement security best practices.
  • Portfolio requirement 4: Display your ability to work with scripting languages or IaC tools, showcasing your proficiency in automating threat modeling processes.

Technical Documentation:

  • Technical documentation requirement 1: Demonstrate your ability to write clear and concise code, with a focus on code quality, commenting, and documentation standards.
  • Technical documentation requirement 2: Showcase your experience with version control, deployment processes, and server configuration, highlighting your ability to manage and maintain secure infrastructure.
  • Technical documentation requirement 3: Demonstrate your understanding of testing methodologies, performance metrics, and optimization techniques, showcasing your ability to ensure high-quality, secure software.

πŸ“ Enhancement Note: While a portfolio is not explicitly mentioned in the job listing, showcasing relevant skills and experience through a portfolio is highly recommended to strengthen your application and demonstrate your qualifications for the role.

πŸ’΅ Compensation & Benefits

Salary Range: $156,160 - $234,240 per year

Benefits:

  • Medical, dental, and vision coverage
  • 401(k) plan
  • Life, accident, and disability insurance
  • Wellness programs
  • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays

Working Hours: 40 hours per week, with flexible scheduling for deployment windows, maintenance, and project deadlines.

πŸ“ Enhancement Note: The salary range provided is based on the AI's estimation of the role's complexity, experience level, and regional market standards for senior vice president roles in information security. The benefits listed are based on the company's description and industry standards for large financial institutions.

🎯 Team & Company Context

Company Culture:

  • Industry: Financial services, with a focus on cloud security and threat modeling.
  • Company Size: Large, with a global presence and a significant focus on technology and innovation.
  • Founded: 1812, with a rich history and extensive experience in the financial services industry.

Team Structure:

  • Team size: Large, with a dedicated team focused on cloud security and threat modeling.
  • Reporting structure: The team reports directly to the chief information security officer (CISO), ensuring a clear line of accountability and a strong focus on enterprise-wide security.
  • Cross-functional collaboration: The team works closely with other teams, including development, infrastructure, and business stakeholders, to drive security improvements and ensure the safety of Citi's clients, revenue, employees, and proprietary data.

Development Methodology:

  • Development process 1: The team follows modern control and architectural frameworks, ensuring a structured and systematic approach to threat modeling and security management.
  • Development process 2: The team emphasizes code review, testing, and quality assurance practices, driving continuous improvement and high-quality deliverables.
  • Development process 3: The team leverages deployment strategies, CI/CD pipelines, and server management tools to automate and streamline threat modeling processes.

Company Website: Citi

πŸ“ Enhancement Note: The company culture, team structure, and development methodology are based on Citi's description and industry standards for large financial institutions, with a focus on cloud security and threat modeling.

πŸ“ˆ Career & Growth Analysis

Web Technology Career Level: Senior vice president, with a strong focus on cloud security and threat modeling, driving strategic decision-making and enterprise-wide security improvements.

Reporting Structure: The role reports directly to the chief information security officer (CISO), ensuring a clear line of accountability and a strong focus on enterprise-wide security.

Technical Impact: The role has a significant impact on Citi's cloud security posture, driving strategic decision-making and ensuring the safety of Citi's clients, revenue, employees, and proprietary data.

Growth Opportunities:

  • Growth opportunity 1: The role offers the opportunity to work on high-impact, strategic projects, driving enterprise-wide security improvements and enhancing Citi's cloud security posture.
  • Growth opportunity 2: The role provides the opportunity to develop expertise in cloud security and threat modeling, with exposure to cutting-edge technologies and best practices.
  • Growth opportunity 3: The role offers the opportunity to mentor and guide junior team members, driving the team's professional development and enhancing the team's capabilities.

πŸ“ Enhancement Note: The career and growth analysis is based on the role's complexity, Citi's description, and industry standards for senior vice president roles in information security, with a focus on cloud security and threat modeling.

🌐 Work Environment

Office Type: On-site, with a focus on collaboration, knowledge sharing, and continuous learning.

Office Location(s): Irving, Texas, United States, with additional offices in Fort Lauderdale, Florida, United States, and other global locations.

Workspace Context:

  • Workspace aspect 1: The workspace emphasizes collaboration and knowledge sharing, with dedicated spaces for team meetings, training, and skill development.
  • Workspace aspect 2: The workspace is equipped with development tools, multiple monitors, and testing devices to support high-quality threat modeling and security analysis.
  • Workspace aspect 3: The workspace encourages cross-functional collaboration, with opportunities to work with development, infrastructure, and business teams to drive security improvements and enhance user experience.

Work Schedule: The work schedule is flexible, with a focus on meeting project deadlines, deployment windows, and maintenance requirements.

πŸ“ Enhancement Note: The work environment is based on Citi's description and industry standards for large financial institutions, with a focus on cloud security and threat modeling.

πŸ“„ Application & Technical Interview Process

Interview Process:

  • Process step 1: The technical preparation recommendations focus on threat modeling methodologies, cloud security principles, and scripting languages proficiency.
  • Process step 2: The interview process includes a technical assessment, focusing on threat modeling, cloud security, and problem-solving skills.
  • Process step 3: The interview process includes a cultural fit assessment, focusing on communication skills, teamwork, and adaptability.
  • Process step 4: The final evaluation criteria focus on technical expertise, strategic thinking, and leadership potential.

Portfolio Review Tips:

  • Portfolio tip 1: Tailor your portfolio to showcase your threat modeling expertise, highlighting your ability to identify threats and specify mitigating controls.
  • Portfolio tip 2: Structure your portfolio with case studies, demonstrating your problem-solving skills and attention to detail.
  • Portfolio tip 3: Showcase your proficiency in scripting languages or IaC tools, highlighting your ability to automate threat modeling processes.
  • Portfolio tip 4: Tailor your portfolio to Citi's culture and values, emphasizing your ability to work collaboratively and drive enterprise-wide security improvements.

Technical Challenge Preparation:

  • Challenge preparation 1: Brush up on your threat modeling methodologies, cloud security principles, and scripting languages proficiency.
  • Challenge preparation 2: Practice problem-solving techniques, focusing on identifying threats, specifying mitigating controls, and implementing security best practices.
  • Challenge preparation 3: Familiarize yourself with Citi's culture, values, and interview process, focusing on communication skills, teamwork, and adaptability.

πŸ“ Enhancement Note: The interview process, portfolio review tips, and technical challenge preparation are based on Citi's description, industry standards for large financial institutions, and the role's complexity, with a focus on cloud security and threat modeling.

πŸ“Œ Application Steps

To apply for this senior vice president, cloud security threat modeler position:

  1. Concrete preparation step 1: Tailor your portfolio to showcase your threat modeling expertise, highlighting your ability to identify threats and specify mitigating controls.
  2. Concrete preparation step 2: Research Citi's culture, values, and interview process, focusing on communication skills, teamwork, and adaptability.
  3. Concrete preparation step 3: Brush up on your threat modeling methodologies, cloud security principles, and scripting languages proficiency.
  4. Concrete preparation step 4: Practice problem-solving techniques, focusing on identifying threats, specifying mitigating controls, and implementing security best practices.

⚠️ Important Notice: This enhanced job description includes AI-generated insights and web technology industry-standard assumptions. All details should be verified directly with the hiring organization before making application decisions.

Application Requirements

Candidates should have over 10 years of experience in cybersecurity, with at least 5 years focused on threat modeling in cloud environments. Expertise in various threat modeling methodologies and tools, as well as a deep understanding of security principles, is essential.