Artificial Intelligence Security Specialist EMEA in London

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. Our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to-end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the businesses and functions.

AI models can now autonomously discover and exploit zero-day vulnerabilities in production software — and we're building the defensive capability to match. We're hiring across four CISO teams working at the intersection of AI and cyber security.

What Makes This Different:

• AI-driven vulnerability management. When frontier models can generate thousands of findings in a weekend, the bottleneck shifts from discovery to triage, verification, and remediation. We're building the pipeline that makes this sustainable.
• Security architecture for the AI era. Defining how a global bank deploys, monitors, and governs agentic AI — from standards and evaluation frameworks to production runtime monitoring.
• AI at scale, not in a lab. Citi has deployed AI tools to 180,000+ employees, equipped 30,000 developers with AI coding assistants, and is rolling out agentic AI capabilities firm wide. Securing that footprint and the platforms that underpin them is the job.
• Securing AI agents that can behave like insider threats. Frontier models can harvest credentials, escape sandboxes, and adapt when they detect monitoring. We're designing the containment architectures and runtime controls to operate them safely at enterprise scale.
• Real security engineering. This isn't a cyber seat where you'll spend your time in administration. You will be expected to understand the code, the architecture, the threats, and find solutions. You'll have the mandate and the backing to build something meaningful.

What You'll Work On:

Depending on your background and interests, you could join one of four teams:

• Offensive Security & Vulnerability Management — AI-assisted pen testing at a scale previously impossible. Automated exploit validation. Bridge the gap from "AI found a vulnerability" to "the application team has a PR to fix it."
• AI & Emerging Technology Security — Define how the bank deploys AI safely. Security architecture and assurance for new implementations, plus building the next generation of AI-powered tools for our CISO colleagues. Test new models at the cutting edge of creation and influence.
• Cyber Security AI Services — Own the AI products CISO depends on in production — security assurance, cyber security operations, governance and controls, vulnerability assessment. Keep them reliable, evolve them fast.
• Cyber Security Operations — Detection, triage, and response for a world where adversaries use AI to find and exploit vulnerabilities faster than traditional detection can keep up. Behavioral analytics for AI agents. Playbooks for AI-originated attack scenarios.

What We're Looking For:

The right person might come from AI/ML engineering, offensive security, detection engineering, software engineering, or security research. Depth in at least one; genuine curiosity about the intersection.

• AI/ML Engineering — Hands-on LLM API experience (context management, tool use, evaluation, failure modes). Agentic systems design. AI safety at the infrastructure level, not just the prompt level.
• Cyber Security — Vulnerability research, exploit development, or pen testing with real depth. Detection engineering for novel attack patterns. Threat modelling (STRIDE, ATT&CK). Security architecture.
• Software Engineering — You've built and operated production systems, not just prototypes. Strong Python and/or systems programming. Bonus if you're comfortable reading disassembly or tracing through kernel code.
• Research & Communication — Can digest dense technical research and turn it into actionable security recommendations. Published research, conference talks, or open-source contributions.
• Mindset - You love to engineer solutions to problems vs purchasing tools, and you see problems as opportunities.
• At any level: genuinely curious, comfortable with ambiguity, biased toward building, able to work across disciplines.

Levels:

• Assistant Vice President (C12 Mid - Senior Level): 5-7+ years. Own workstreams end-to-end with real autonomy. You'll go deep on problems that most organizations don't even know they have yet.
• Vice President (C13 Senior - Lead/Staff Level): 8-10+ years. Define technical approach, make architectural decisions, mentor others. The scope here is wider than most senior IC roles — you're not optimizing an existing system; you're designing ones that don't exist yet.
• Senior Vice President (C14 Lead/Staff - Principal Level): 10+ years. Set technical direction for a function and influence the firm's approach to AI security. If you've hit a ceiling elsewhere because the problem space isn't big enough, it's big enough here.

Why Citi, Why Now:

• Real and urgent. Not an innovation lab. The threats are active, the work ships into production, and it protects one of the world's largest financial institutions.
• Technical teams. These are engineering-led functions. Small teams, high autonomy, minimal governance overhead. We build tools, ship code, and measure ourselves by what we deliver — not slide decks.
• Strong mandate. Executive sponsorship to move fast. You'll have the backing and resources to act on what you find.
• Unique scope. Very few organizations operate at this intersection at this scale. The solutions you build will influence how the industry responds.

Education:

Bachelor’s degree/University degree or equivalent experience. Master’s degree preferred.