Senior Vice President, Cloud Security Threat Modeler

📍 Job Overview

• Job Title: Senior Vice President, Cloud Security Threat Modeler
• Company: Citi
• Location: Irving, Texas, United States
• Job Type: On-site, Full-time
• Category: Information Security
• Date Posted: July 31, 2025

🚀 Role Summary

• Key web technology aspect 1: The role involves threat modeling to identify threats and specify mitigating controls to reduce risks associated with operating in the public cloud.
• Key web technology aspect 2: Responsibilities include developing automation tools, maintaining high standards of work, and supervising junior team members.
• Key web technology aspect 3: The role requires expertise in various threat modeling methodologies and tools, as well as a deep understanding of security principles.
• Key web technology aspect 4: Candidates should have over 10 years of experience in cybersecurity, with at least 5 years focused on threat modeling in cloud environments.

📝 Enhancement Note: The role is heavily focused on cloud security and threat modeling, requiring a strong background in cybersecurity and cloud environments.

💻 Primary Responsibilities

• Web technology responsibility 1: Threat modeling using a documented process to identify threats and specify mitigating controls.
• Web technology responsibility 2: Development of automation tools as required to streamline threat modeling processes.
• Web technology responsibility 3: Maintain a high standard of work in identifying threats and specifying mitigating controls.
• Web technology responsibility 4: Attend to the lifecycle of identified threats and controls, ensuring they are up-to-date and relevant.
• Web technology responsibility 5: Delivery of threat models and supporting tasks within existing timeframes, prioritizing projects based on risk and impact.
• Web technology responsibility 6: Provide feedback, support, and improvements to the existing threat modeling process, driving continuous improvement.
• Web technology responsibility 7: Present work to seniors, the team, and other technical teams, effectively communicating complex security concepts.
• Web technology responsibility 8: Train newer members of the team, sharing knowledge and best practices in threat modeling and cloud security.
• Web technology responsibility 9: Supervise junior members of the team, ensuring they meet quality standards and deliver work on time.
• Web technology responsibility 10: Run parts of the threat model service, managing resources and ensuring service level agreements are met.
• Web technology responsibility 11: Assist in the wider threat modeling activities across Citi, collaborating with other teams to identify and mitigate risks.

📝 Enhancement Note: The role requires strong problem-solving skills, attention to detail, and the ability to work independently or in a team environment.

🎓 Skills & Qualifications

Education: Bachelor’s degree or equivalent experience in a relevant field. A master’s degree is preferred.

Experience: Over 10 years of experience in a cybersecurity or information security role, with at least 5 years focused on threat modeling in cloud environments.

Required Skills:

• Expertise in threat modeling methodologies such as STRIDE, PASTA, Attack Trees, and the MITRE ATT&CK framework.
• Proven ability to identify and analyze vulnerabilities using CWE or OWASP frameworks.
• Deep understanding of security principles related to authentication, authorization, logging/monitoring, encryption, infrastructure security, and network segmentation.
• Mastery of operating systems (e.g., Windows, Linux) and their hardening best practices.
• Strong familiarity with development concepts such as CI/CD pipelines and SDLC.
• Extensive experience with major cloud platforms (e.g., AWS, Azure, GCP), including their security services and best practices.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) or Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
• Proven ability to design, review, and critique technical architectures for security vulnerabilities and risks.
• Excellent written and verbal communication skills, with a demonstrated ability to collaborate effectively with diverse teams.
• Strong analytical and problem-solving skills, with a meticulous attention to detail.

Preferred Skills:

• Experience with Docker, Kubernetes, serverless technologies (e.g., AWS Lambda, Azure Functions, Google Cloud Functions), and Helm.
• Familiarity with Cloud Development Kit (CDK) and GitOps principles.
• Experience supporting or performing penetration testing activities (e.g., vulnerability scanning, network penetration testing, web application testing, mobile application testing).
• Experience with Snowflake, MongoDB, Terraform Cloud, GitHub, or Databricks.
• Experience working in a regulated environment (e.g., financial services).

💵 Compensation & Benefits

Salary Range: $156,160 - $234,240 per year

Benefits:

• Medical, dental, and vision coverage
• 401(k) plan
• Life, accident, and disability insurance
• Wellness programs
• Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays

Working Hours: 40 hours per week, with flexibility for deployment windows, maintenance, and project deadlines.

🎯 Team & Company Context

Company Culture:

• Industry: Financial services, with a focus on cloud security and threat modeling.
• Company Size: Large, with a global presence and diverse teams.
• Founded: 1812, with a rich history and established brand in the financial services industry.

Team Structure:

• The team is part of the Chief Information Security Office (CISO), which manages information security as a unified program.
• The team works closely with sectors and functions, integrating security into enterprise architecture and development processes.
• The team is deeply talented, with expertise in cloud security and threat modeling.

Development Methodology:

• The team uses modern control and architectural frameworks, aligning with enterprise architecture and development processes.
• The team follows Agile methodologies, with sprint planning for web projects.
• The team emphasizes code review, testing, and quality assurance practices, ensuring high-quality deliverables.

Company Website: Citi

📈 Career & Growth Analysis

Web Technology Career Level: Senior Vice President, Cloud Security Threat Modeler - A high-level role focused on cloud security and threat modeling, requiring extensive experience and expertise in cybersecurity and cloud environments.

Reporting Structure: The role reports directly to the Chief Information Security Officer (CISO) and works closely with other senior leaders within the organization.

Technical Impact: The role has a significant impact on Citi's cloud security posture, influencing architectural decisions and ensuring the safety of the company's clients, revenue, employees, and proprietary data.

Growth Opportunities:

• Growth opportunity 1: The role offers opportunities to grow within the CISO team, potentially moving into a leadership position or expanding technical responsibilities.
• Growth opportunity 2: The role provides opportunities to develop expertise in emerging cloud security technologies and trends, driving innovation within the team and across Citi.
• Growth opportunity 3: The role offers opportunities to collaborate with other teams and sectors, driving cross-functional projects and expanding technical influence.

📝 Enhancement Note: The role offers significant growth potential, with opportunities to drive innovation, influence architectural decisions, and develop expertise in cloud security and threat modeling.

🌐 Work Environment

Office Type: On-site, with a focus on collaboration and knowledge sharing within the team and across Citi.

Office Location(s): Irving, Texas, United States, with potential opportunities for remote work or flexible arrangements.

Workspace Context:

• The workspace is designed to facilitate collaboration, with multiple monitors and testing devices available for web development and security analysis.
• The workspace is equipped with development tools, automation tools, and threat modeling software to support the team's work.
• The workspace encourages knowledge sharing, technical mentoring, and continuous learning.

Work Schedule: The work schedule is flexible, with the ability to work remotely or on-site as needed. The role requires availability for deployment windows, maintenance, and project deadlines.

📝 Enhancement Note: The work environment is designed to support collaboration, knowledge sharing, and continuous learning, with a focus on driving innovation and improving cloud security posture.

📄 Application & Technical Interview Process

Interview Process:

• Process step 1: Technical preparation recommendations and coding/configuration assessment focus, with an emphasis on threat modeling and cloud security concepts.
• Process step 2: Web architecture expectations and system design discussion, focusing on cloud security principles and best practices.
• Process step 3: Web development team interaction and cultural fit assessment, evaluating communication skills and team dynamics.
• Process step 4: Final evaluation criteria and technical impact discussion, focusing on the candidate's ability to drive innovation and improve cloud security posture.

Portfolio Review Tips:

• Portfolio tip 1: Specific tactical advice for threat modeling portfolio curation, focusing on live demo presentation and responsive design standards.
• Portfolio tip 2: Project case study structure with user experience and technical implementation focus, highlighting cloud security principles and best practices.
• Portfolio tip 3: Code quality demonstration and responsive design standards for threat modeling projects, emphasizing security principles and architecture decision-making.
• Portfolio tip 4: Company-specific web technology considerations and performance optimization examples, tailored to Citi's cloud security requirements.

Technical Challenge Preparation:

• Challenge preparation 1: Typical threat modeling exercise format and expectations, focusing on cloud security principles and best practices.
• Challenge preparation 2: Time management and solution architecture for threat modeling challenges, emphasizing efficiency and scalability.
• Challenge preparation 3: Communication and technical explanation articulation for threat modeling concepts, focusing on clear and concise communication.

ATS Keywords: [Comprehensive list of web development and server administration-relevant keywords for resume optimization, organized by category: programming languages, web frameworks, server technologies, databases, tools, methodologies, soft skills, industry terms]

📝 Enhancement Note: The interview process is designed to evaluate the candidate's technical expertise in cloud security and threat modeling, as well as their ability to communicate effectively and drive innovation within the team.

📌 Application Steps

To apply for this web development/server administration position:

• Submit your application through the application link.
• Customize your portfolio with live demos and responsive examples, focusing on threat modeling and cloud security projects.
• Optimize your resume for web technology roles, highlighting project highlights and technical skills.
• Prepare for technical interviews with coding challenges and portfolio presentation, focusing on cloud security principles and best practices.
• Research Citi's web technology focus and user experience understanding, tailoring your application to the company's specific needs.

⚠️ Important Notice: This enhanced job description includes AI-generated insights and web development/server administration industry-standard assumptions. All details should be verified directly with the hiring organization before making application decisions.