Senor Golang Ethical Hacker SVP

Position: Senor Golang Ethical Hacker - (SVP)
Location: Greater London

## For additional information, please review .
** Discover your future at Citi
** Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.
** Job Overview
** We are Citi’s Application, Platform and Engineering team, a start-up with the exciting mission of shaping the direction of travel for the entire bank under the Chief Technology Office, by defining the tech and engineering strategy for the bank. We are a team of talented engineers, product managers and tech SMEs, taking ambiguous concepts and making them real by engineering cutting edge products at planetary scale!

We are solely focused on the most modern technology and engineering disciplines such as generative AI, cloud, security, modern app stacks (with Golang, Gatekeeper), open source and the latest and greatest in the Kubernetes ecosystem.
Generative AI is a growing space, as a result, we ask that you share with us any specific AI engineering projects utilising LLMs that you’re proud of in your application. Ideally these projects should show off complex and clever architectures or a systematic evaluation of an LLM’s behaviour.

** You might be a good fit if you
**** What you’ll do within the Tech Strategy team:**
* ** Build secure AI products from 0-1
- ** Engineer production-grade, business-facing AI platforms with security built-in from day one
* ** Ethical hacking and red team activities** - Conduct penetration testing, vulnerability research, and attack simulation to make our products bulletproof
* ** Design and build security tools and frameworks** - Create automated security solutions that scale across fast-paced development cycles
* ** Secure novel AI attack surfaces** - Identify and mitigate LLM-specific vulnerabilities, prompt injection attacks, and AI model security risks through hands-on testing
* ** Lead "shift left" security** - Embed security practices throughout our rapid development lifecycle while maintaining velocity
* ** Mentor security practices** - Guide other engineers on secure coding, vulnerability remediation, and security-first thinking
** Experience That Will Help You Succeed In This Role**
* ** Proficient in Golang**
* ** Production system builder with security focus** - proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
* ** Ethical hacking and penetration testing expertise** - hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses
* ** State-of-the-art security engineering
** with Go, Python, JavaScript - you build both security tools and secure production systems in fast-paced environments
* ** Hashi Corp Vault mastery** - deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise-scale secrets management
* ** Enterprise authentication & authorization** - designing and implementing OAuth, JWT, RBAC, and complex identity systems with fine-grained access controls in business-critical applications
* ** API security and threat modelling** - securing REST/Graph

QL APIs, conducting threat assessments, and implementing advanced security patterns in high-traffic production systems
* ** AI/ML security and vulnerability research** - understanding of LLM vulnerabilities, model security, prompt injection attacks, and AI-specific threat vectors through hands-on testing
* ** Security automation and tooling** – automating manual security processes
* ** Cloud-native security** - securing containerized applications in Kubernetes, service mesh security, and cloud-native security patterns at enterprise scale
* ** Incident response and forensics** - experience investigating, analyzing, and responding to security incidents in live production systems
** What We Believe In
*** We do not have boundaries between security engineering and product development, and we expect all our technical staff…