Senior Security Engineer - AI Products & Platforms - Citi

Discover your future at Citi. Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact.

We are Citi's Application, Platform and Engineering team, a start‑up with the exciting mission of shaping the direction of travel for the entire bank under the Chief Technology Office. We define the tech and engineering strategy for the bank, focusing on generative AI, cloud, security, modern app stacks, and Kubernetes.

You Might Be a Good Fit If You:

• Bring deep‑dive application security engineering expertise from building production systems
• Thrive in a results‑driven environment where flexibility fuels impact
• Be a game‑changer ready to step beyond your designated role
• Love pair programming and collaborative development
• Are passionate about AI security, LLM attacks, and shaping Citi's secure AI future

Responsibilities:

• Build secure AI products from 0‑1 – engineer production‑grade, business‑facing AI platforms with security built in from day one
• Conduct ethical hacking and red team activities—penetration testing, vulnerability research, and attack simulation to make products bulletproof
• Design and build security tools and frameworks that scale across fast‑paced development cycles
• Secure novel AI attack surfaces—identify and mitigate LLM‑specific vulnerabilities, prompt injection attacks, and AI model security risks
• Lead shift‑left security—embed security practices throughout the rapid development lifecycle while maintaining velocity
• Mentor security practices—guide other engineers on secure coding, vulnerability remediation, and security‑first thinking

Qualifications:

• Proven experience building secure, large‑scale production applications and business‑facing platforms from the ground up
• Hands‑on experience in ethical hacking, penetration testing, red team exercises, and attacker thinking
• Strong security engineering with Go, Python, JavaScript, and experience building security tools in fast‑paced environments
• Deep experience with HashiCorp Vault—custom plugins, secrets engines, dynamic credentials, and enterprise‑scale secrets management
• Design and implementation expertise in OAuth, JWT, RBAC, and complex identity systems with fine‑grained access controls
• API security and threat modelling—secure REST/GraphQL APIs, conduct threat assessments, implement advanced security patterns in high‑traffic systems
• Understanding of AI/ML security—LLM vulnerabilities, model security, prompt injection attacks, and AI‑specific threat vectors
• Security automation and tooling to automate manual security processes
• Cloud‑native security—secure containerised applications in Kubernetes, service mesh security, and cloud‑native patterns at enterprise scale
• Incident response and forensics – investigate, analyse, and respond to security incidents in live production systems

Benefits:

• 27 days annual leave (plus bank holidays)
• Discretionary annual performance‑related bonus
• Private medical care & life insurance
• Employee assistance program
• Pension plan
• Paid parental leave
• Special discounts for employees, family, and friends

Work Environment:

• Hybrid working model: up to 2 days working at home per week.
• Competitive base salary (annually reviewed) and a host of additional benefits as part of Citi London.

Citi is an equal opportunity employer. Qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.