Senior Vice President, Cloud Security Threat Modeler

Citi
Full_timeβ€’$156k-234k/year (USD)β€’Irving, United States

πŸ“ Job Overview

  • Job Title: Senior Vice President, Cloud Security Threat Modeler
  • Company: Citi
  • Location: Irving, Texas, United States
  • Job Type: On-site
  • Category: Information Security
  • Date Posted: 2025-07-31
  • Experience Level: 10+ years

πŸš€ Role Summary

  • Lead the Cloud Security Threat Modeling team to identify and mitigate threats in Citi's public cloud environment.
  • Collaborate with cross-functional teams to ensure security is integrated into the software development lifecycle (SDLC).
  • Develop and maintain threat modeling processes, tools, and documentation.
  • Provide technical guidance and mentorship to junior team members.
  • Stay up-to-date with emerging cloud security trends and best practices.

πŸ’» Primary Responsibilities

  • Threat Modeling: Identify, quantify, and prioritize threats to Citi's cloud infrastructure using established methodologies such as STRIDE, PASTA, Attack Trees, and MITRE ATT&CK.
  • Automation: Develop and maintain automation tools to streamline threat modeling processes and improve efficiency.
  • Mitigation Controls: Specify and implement mitigating controls to reduce identified risks.
  • Threat Lifecycle Management: Attend to the lifecycle of identified threats and controls, ensuring they are tracked, reviewed, and updated as needed.
  • Delivery: Deliver threat models and supporting tasks within existing timeframes, balancing quality and speed.
  • Process Improvement: Provide feedback and support to enhance the existing threat modeling process.
  • Communication: Present work to senior management, the team, and other technical teams, clearly and concisely.
  • Training: Train newer members of the team on threat modeling best practices and tools.
  • Supervision: Supervise junior members of the team, delegating tasks, and ensuring they meet quality and timeline expectations.
  • Service Delivery: Run parts of the threat model service, ensuring it meets the needs of Citi's cloud teams.
  • Collaboration: Assist in wider threat modeling activities across Citi, working with other teams to ensure consistent security standards.
  • Independent Work: Work with little supervision to complete tasks, demonstrating strong initiative and self-management skills.

πŸŽ“ Skills & Qualifications

Education:

  • Bachelor’s degree/University degree or equivalent experience
  • Master's degree is preferred

Experience:

  • 10+ years of experience in a Cybersecurity or Information Security role.
  • 5+ years of Experience specifically focused on Threat Modeling in Cloud Environments.

Required Skills:

  • Expertise in Threat Modeling Methodologies like STRIDE, PASTA, Attack Trees, and the MITRE ATT&CK framework, as well as threat modeling tools (e.g., IriusRisk, ThreatModeler, Microsoft Threat Modeling Tool).
  • Proven ability to identify and analyze vulnerabilities using CWE or OWASP frameworks.
  • Deep understanding of security principles related to authentication, authorization, logging/monitoring, encryption, infrastructure security, and network segmentation.
  • Mastery of Operating Systems (e.g., Windows, Linux) and their hardening best practices.
  • Strong familiarity with Development Concepts such as CI/CD pipelines and SDLC.
  • Extensive experience with major Cloud Platforms (e.g., AWS, Azure, GCP), including their security services and best practices.
  • Proficiency in scripting languages (e.g., Python, Bash, PowerShell) or Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
  • Proven ability to design, review, and critique technical architectures for security vulnerabilities and risks.
  • Excellent written and verbal communication skills, with a demonstrated ability to collaborate effectively with diverse teams.
  • Strong analytical and problem-solving skills, with a meticulous attention to detail.

Preferred Skills:

  • Experience with Docker, Kubernetes, Serverless Technologies (e.g., AWS Lambda, Azure Functions, Google Cloud Functions), and Helm.
  • Familiarity with Cloud Development Kit (CDK) and GitOps principles.
  • Experience supporting or performing Penetration Testing activities (e.g., vulnerability scanning, network penetration testing, web application testing, mobile application testing).
  • Experience with Snowflake, MongoDB, Terraform Cloud, GitHub, or Databricks.
  • Experience working in a regulated environment (e.g., financial services).

Certifications (Highly Preferred):

  • Professional Level Cloud Certification: AWS Certified Solutions Architect, AWS Certified DevOps Engineer, Google Cloud Architect, Cloud Developer, Data Engineer, Network Engineer, Oracle Cloud Infrastructure Certified Architect Professional, Oracle Cloud Infrastructure HPC and Big Data Solutions Associate, Microsoft Certified: Azure Solutions Architect Expert.
  • Cloud Security Certification: Google Professional Cloud Security Engineer, Microsoft Certified Azure Security Engineer Associate, AWS Certified Security - Specialty.
  • Professional Cybersecurity Certification: ISACA Certified Information Security Manager (CISM), GIAC Certified Enterprise Defender (GCED), GIAC Certified Intrusion Analyst (GCIA), GIAC Open Source Intelligence (GOSI), ISC2 Certified Information Systems Security Professional (CISSP), CompTIA CASP+, CompTIA PenTest+, Microsoft Certified: Identity and Access Administrator Associate.

πŸ“Š Web Portfolio & Project Requirements

  • Portfolio Essentials:
    • A comprehensive portfolio showcasing your threat modeling expertise, including case studies, threat models, and risk assessments.
    • Examples of automation tools you've developed to streamline threat modeling processes.
    • Documentation demonstrating your understanding of cloud security principles and best practices.
  • Technical Documentation:
    • Code quality, commenting, and documentation standards for threat modeling tools and automation scripts.
    • Version control, deployment processes, and server configuration best practices.
    • Testing methodologies, performance metrics, and optimization techniques tailored to cloud security.

πŸ’΅ Compensation & Benefits

  • Salary Range: $156,160.00 - $234,240.00 per year
  • Benefits:
    • Medical, dental & vision coverage
    • 401(k)
    • Life, accident, and disability insurance
    • Wellness programs
    • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays

🎯 Team & Company Context

🏒 Company Culture

  • Industry: Financial Services
  • Company Size: Large (200,000+ employees)
  • Founded: 1812
  • Team Structure:
    • Large, global team with specialized roles and cross-functional collaboration.
    • Diverse teams with expertise in various aspects of cloud security and threat modeling.
  • Development Methodology:
    • Agile/Scrum methodologies for software development and threat modeling processes.
    • Collaborative approach to code review, testing, and quality assurance.
    • CI/CD pipelines for automated deployment and continuous integration.

πŸ“ˆ Career & Growth Analysis

  • Web Technology Career Level: Senior Vice President, Cloud Security Threat Modeler
  • Reporting Structure: Reports directly to the Chief Information Security Officer (CISO) or a senior manager within the CISO organization.
  • Technical Impact: Leads the Cloud Security Threat Modeling team, driving security decisions and influencing cloud infrastructure design.
  • Growth Opportunities:
    • Technical Growth: Expand expertise in cloud security, emerging technologies, and threat modeling methodologies.
    • Leadership Development: Gain experience managing teams, mentoring junior team members, and driving process improvements.
    • Architecture Decisions: Contribute to strategic architecture decisions, shaping Citi's cloud security posture.

🌐 Work Environment

  • Office Type: On-site, with remote work options available for some roles.
  • Office Location(s): Irving, Texas, United States (headquarters), with global offices in over 160 countries.
  • Workspace Context:
    • Collaborative workspaces with access to specialized tools, multiple monitors, and testing devices.
    • Cross-functional team interaction and knowledge sharing opportunities.
  • Work Schedule: Full-time, with flexible hours and remote work options available for some roles.

πŸ“„ Application & Technical Interview Process

  • Interview Process:
    • Technical assessment of threat modeling skills and cloud security expertise.
    • Behavioral and situational interviews to evaluate problem-solving skills and cultural fit.
    • Case studies and scenario-based exercises to demonstrate threat modeling capabilities.
  • Portfolio Review Tips:
    • Highlight your threat modeling expertise, automation tools, and cloud security knowledge.
    • Showcase your understanding of Citi's industry and the unique challenges it faces in cloud security.
  • Technical Challenge Preparation:
    • Brush up on threat modeling methodologies, cloud security principles, and relevant tools.
    • Practice threat modeling exercises and case studies to build confidence in your abilities.
    • Prepare for scenario-based interviews and be ready to discuss your threat modeling approach and decision-making processes.

πŸ›  Technology Stack & Web Infrastructure

  • Frontend Technologies: Not applicable (focus on backend and infrastructure)
  • Backend & Server Technologies:
    • Cloud platforms: AWS, Azure, GCP
    • Threat modeling tools: IriusRisk, ThreatModeler, Microsoft Threat Modeling Tool
    • Scripting languages: Python, Bash, PowerShell
    • Infrastructure as Code (IaC) tools: Terraform, CloudFormation
  • Development & DevOps Tools:
    • Version control: Git
    • CI/CD pipelines: Jenkins, GitHub Actions, CircleCI
    • Monitoring tools: Prometheus, Grafana, Datadog
    • Containerization: Docker, Kubernetes

πŸ‘₯ Team Culture & Values

  • Web Development Values:
    • Security-focused mindset, prioritizing threat identification and risk mitigation.
    • Collaborative approach to threat modeling, working closely with cross-functional teams.
    • Continuous learning and adaptation to emerging cloud security trends and best practices.
  • Collaboration Style:
    • Cross-functional integration between security, development, and operations teams.
    • Code review culture and peer programming practices for threat modeling processes.
    • Knowledge sharing, technical mentoring, and continuous learning opportunities.

⚑ Challenges & Growth Opportunities

  • Technical Challenges:
    • Staying up-to-date with emerging cloud security trends and best practices.
    • Identifying and mitigating complex, evolving threats in Citi's dynamic cloud environment.
    • Balancing security, performance, and cost optimization in cloud infrastructure design.
  • Learning & Development Opportunities:
    • Expanding threat modeling expertise and cloud security knowledge.
    • Gaining experience in team leadership, process improvement, and architecture decision-making.
    • Contributing to Citi's cloud security roadmap and driving innovation in threat modeling practices.

πŸ’‘ Interview Preparation

  • Technical Questions:
    • Threat modeling methodologies and tools (STRIDE, PASTA, Attack Trees, MITRE ATT&CK, IriusRisk, ThreatModeler, Microsoft Threat Modeling Tool).
    • Cloud security principles and best practices for AWS, Azure, and GCP.
    • Scripting languages (Python, Bash, PowerShell) and Infrastructure as Code (IaC) tools (Terraform, CloudFormation).
    • Technical architecture and design for secure cloud infrastructure.
  • Company & Culture Questions:
    • Citi's cloud security challenges and industry-specific threats.
    • Collaboration and communication within Citi's global, cross-functional teams.
    • Citi's commitment to security, compliance, and regulatory requirements in the financial services industry.
  • Portfolio Presentation Strategy:
    • Highlight your threat modeling expertise, automation tools, and cloud security knowledge.
    • Showcase your understanding of Citi's industry and the unique challenges it faces in cloud security.
    • Demonstrate your ability to collaborate with cross-functional teams and drive security decisions.

πŸ“Œ Application Steps

To apply for this Senior Vice President, Cloud Security Threat Modeler position:

  1. Submit your application through the application link provided.
  2. Prepare a comprehensive portfolio showcasing your threat modeling expertise, automation tools, and cloud security knowledge.
  3. Tailor your resume to highlight your relevant threat modeling, cloud security, and leadership experience.
  4. Research Citi's industry, cloud security challenges, and company culture to demonstrate your understanding and fit for the role.
  5. Prepare for technical interviews by brushing up on threat modeling methodologies, cloud security principles, and relevant tools.

Content Guidelines (IMPORTANT: Do not include this in the output)

Web Technology-Specific Focus:

  • Tailor every section specifically to information security, threat modeling, and cloud security roles.
  • Include threat modeling methodologies, cloud security principles, and relevant tools throughout the description.
  • Emphasize the importance of collaboration, communication, and cross-functional teamwork in threat modeling processes.
  • Address the unique challenges and considerations of threat modeling in financial services and regulated environments.

Quality Standards:

  • Ensure no content overlap between sections; each section must contain unique information.
  • Only include Enhancement Notes when making significant inferences about threat modeling processes, cloud security principles, or team structure.
  • Be comprehensive but concise, prioritizing actionable information over descriptive text.
  • Strategically distribute web technology and cloud security keywords throughout all sections naturally.
  • Provide realistic salary ranges based on location, experience level, and cloud security specialization.

Industry Expertise:

  • Include specific threat modeling methodologies, cloud security principles, and relevant tools prominently.
  • Address cloud security career progression paths and technical leadership opportunities in threat modeling teams.
  • Provide tactical advice for threat modeling portfolio development, live demonstrations, and project case studies.
  • Include cloud security-specific interview preparation and coding challenge guidance.
  • Emphasize the importance of collaboration, communication, and cross-functional teamwork in cloud security roles.

Professional Standards:

  • Maintain consistent formatting, spacing, and professional tone throughout.
  • Use web technology and cloud security industry terminology appropriately and accurately.
  • Include comprehensive benefits and growth opportunities relevant to cloud security professionals.
  • Provide actionable insights that give web development and server administration candidates a competitive advantage.
  • Focus on cloud security team culture, cross-functional collaboration, and user impact measurement.

Technical Focus & Portfolio Emphasis:

  • Emphasize threat modeling best practices, cloud security principles, and performance optimization.
  • Include specific portfolio requirements tailored to the cloud security discipline and role level.
  • Address browser compatibility, accessibility standards, and user experience design principles in the context of cloud security.
  • Focus on problem-solving methods, performance optimization, and scalable cloud architecture.
  • Include technical presentation skills and stakeholder communication for cloud security projects.

Avoid:

  • Generic business jargon not relevant to cloud security roles.
  • Placeholder text or incomplete sections.
  • Repetitive content across different sections.
  • Non-technical terminology unless relevant to the specific cloud security role.
  • Marketing language unrelated to cloud security, threat modeling, or user experience.

Generate comprehensive, cloud security-focused content that serves as a valuable resource for web developers, server administrators, and infrastructure professionals seeking their next opportunity in cloud security and threat modeling roles.

Application Requirements

Candidates should have over 10 years of experience in cybersecurity, with at least 5 years focused on threat modeling in cloud environments. Expertise in various threat modeling methodologies and tools, as well as a deep understanding of security principles, is required.