Security Operations Center (SOC) Cloud Incident Responder (Remote) C13 - VP

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

SOC Cloud Incident Responder (VP)

Citi's Security Operations Center (SOC) Cloud Incident Response Team seeks a highly skilled and experienced cloud incident response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the cloud incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of cloud security specialists and cloud incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in Citi's public cloud environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same. 

Responsibilities:

• Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud.
• Execution of cloud-native automation to run containment actions on cloud resources based on sources of compromise and/or malicious activities taking place.
• Execution of automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations.
• Host-based analytical functions (e.g. digital forensics, metadata, etc.) through investigating cloud-native workloads to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
• Detailed cloud focused investigations by analyzing relevant logs such as Cloud Trail, VPC Flow, Cloud Watch, etc. based on alerts generated by detective controls and cloud-native services such as Guard Duty.
• Develop, document and maintain operationally effective playbooks to deal with cloud based incidents.
• Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases, logs, etc.
• Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.
• Document and present investigative findings for high profile events and other incidents of interest.
• Participate in readiness exercises such as purple team, table tops, etc.
• Train junior colleagues on relevant best practices.
• Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices.
• Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies.
• Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions.
• Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures.
• Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response.
• Disseminate changes to IS regulations and standards to Business and Program owners.
• Provide Information Security advice and counsel as needed.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• 5+ years of professional experience in cloud security and/or information security, or demonstrated equivalent capability.
• 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.
• Additional technical certifications are preferred.
• Demonstrated ability to research and apply current information regarding the IS field.
• Consistently demonstrates clear and concise written and verbal communication.
• Proven influencing and relationship management skills.
• Proven analytical skills.
• Experience in Cloud Forensics/IR
• Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services.
• Hands-on experience with analyzing and pivoting through large data sets.
• Prior experience with common security-focused cloud services on Amazon Web Services and Google Cloud Platform.
• Hands-on experience with cyber security, forensic investigations or large scale incident response in cloud environments.
• Experience with container orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g. Docker, Kubernetes). 
• GCP Professional Architect and/or Professional Cloud Security Engineer.
• Certified Kubernetes Administrator and /or Security Specialist.
• AWS Solutions Architect - Professional and/or AWS Security Specialty
• Windows Operating Systems / UNIX specifically in command line use and basic file system knowledge.
• Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.).

Education:

• Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. or equivalent experience.
• Master’s degree preferred

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Irving Texas United States

------------------------------------------------------

Primary Location Salary Range:

$116,880.00 - $175,320.00

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting