The text here is taken directly from the job listing. # Vulnerability Assessment Junior Analyst Job Req ID: 24751946 Location(s): Budapest, Hungary Job Type: Hybrid Job Category: Technology Citi's Vulnerability Assessments is responsible for providing Vulnerability Assessment services to all Citi businesses and technology teams globally. The duties of a VA analyst will include manual and automated testing through a defined testing process.The analyst will be identifying weaknesses and vulnerabilities within the Citi infrastructure and applications. Recommend countermeasures to business contacts and developers to resolve identified issues during ethical hacking. Commercial and open source vulnerability assessment tools/utilities are leveraged during these assessments. The Vulnerability Assessment Junior Analyst role is in the Budapest team, which is part of a larger global team responsible for providing vulnerability assessment to all business within Citi. ## What will you do Providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process. Identifying weaknesses and vulnerabilities within the system and proposing countermeasures. Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards. Scanning in Citi’s network, and discovering rogue hosts, networks, and devices. Reporting information security vulnerabilities to businesses and senior management. ## Your profile - 1-3 years of experience in a Technology Infrastructure role (education/professional) with demonstrated knowledge of operational process change and improvement. - Ability to communicate technical concepts to non-technical audience. - Bachelor’s/University degree or equivalent experience. - Ability to work with virtual and in-person teams, and work under pressure or to a deadline. - The ability to attain a GPEN or CEH certification within 3 years of joining Citi, if not already attained. The ideal candidate is expected to **already be familiar with the majority of the below tools**: - Vulnerability Assessment tools, e.g. Nessus, Qualys, etc. - Deep understanding of OSI model. - OS Security, e.g. Unix, Linux, Windows, Cisco, etc. - Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols. - Web application infrastructure, e.g. Application Servers, Web Servers, Databases. - Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net. ## Other The following requirements are a plus as we are willing to invest in training and development in the security and vulnerability space: - Conducting application vulnerabilities assessments and articulating security issues to technical and non-technical audience. - Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures. - Experience using open source and vendor vulnerability assessment tools. - Background in a similar role. - Understanding enterprise networks.