CSIS Global VA/CIC Response Senior Analyst
Locations: Budapest, Budapest | Job Function: Corporate Services, Operations & Technology | Employee Status: Regular | Job ID: 20211101
Citi's Cyber Investigations Team seeks a highly skilled and experienced Analyst to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve as a technical subject matter expert to assess high-level findings from Vulnerability Assessment (VA) and the Cyber Intelligence Center (CIC). You will be co-located in Citi's Cyber Security Fusion Center and will collaborate closely with a talented cadre of security specialists from the VA and CIC teams. Your findings will drive large-scale investigations globally and therefore contribute to maturing Citi's security posture.
As a CSIS Global VA/CIC Response Analyst, your primary responsibility is to serve as a partner for the VA and CIC teams and conduct thorough investigations of their high-risk findings. You will perform hands-on, day-to-day technical work and be responsible for documenting your investigative methodology and analytical efforts. Related activities include but are not limited to:
- Partner with VA, CIC, and other stakeholders to assess criticality of security alerts and establish requisite investigative actions
- Conduct deep dive forensic investigations (on-premises and Cloud) to uncover evidence of compromise and identify inadequate security controls.
- Document investigative methods and findings for a broad audience, including technical, executive and regulatory groups.
- Engage in training and peer exercise opportunities to keep abreast of changes in the security threat landscape and best practices.
You should be all of the following:
A skilled and creative investigator. Success will depend on your ability to:
- Stay current with the evolving landscape of threat activities and cybersecurity best practices
- Quickly synthesize information from disparate sources
- Scrutinize evidence thoroughly to identify relationships and develop leads
- Establish defensible working theories to explain observations and findings
- Perform investigations in a forensically sound manner
A goal-oriented individual contributor. Success will depend on your ability to:
- Stay motivated and work independently with minimal oversight
- Adapt to changing requirements in a fast-paced environment
- Multitask and meet deadlines despite competing priorities
- Navigate operational impediments in order to complete time-sensitive tasks
- Identify and document any opportunities for process improvement
A reliable team player. Success will depend on your ability to:
- Practice mutual respect at all times
- Establish trust and build strong partnerships
- Resolve conflict in a constructive manner and use it as an opportunity to develop team unity
- Prioritize collective success ahead of individual ambition
A great communicator. Success will depend on your ability to:
- Establish clear narratives to describe investigative findings and working theories
- Clearly and concisely articulate any recommendations that arise from investigative activities
- Motivate colleagues and partners to cooperate and support as needed
- Exert influence both verbally and in writing
A passionate leader. Success will depend on your ability to:
- Lead by example
- Enable team success by being approachable and available
- Innovate and inspire self and others
- Not be afraid to fail, but be able to learn from your experiences
- Education and Experience
- Bachelor’s degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc, or equivalent professional experience
- Minimum 5 years of professional experience as digital forensic investigator and/or incident responder, or demonstrated equivalent capability.
- Knowledge and Skills
- Strong understanding of how computer applications, systems, and networks are managed and secured.
- Strong understanding of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTPs).
- Strong understanding of cyber forensic and eDiscovery procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody.
- Strong understanding of OSI model
- Proficient in forensic analysis and collection of memory, disk, logs and other artifacts originating from a wide variety of applications, devices and operating systems.
- Proficient in a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit)
- Proficient in some of the following tools: Metasploit, Nuix, Plaso, Powergrep, Relativity, Security Onion, SIFT Workstation, Splunk, Tanium, Volatility, Wireshark, Yara, ELK.
- Working knowledge of network components such as switches, routers, firewalls in both Windows/Linux environments
- Working knowledge of virtualization products (e.g. VMware Workstation)
- Must have flexibility to work outside of normal business hours when necessary
- Education and Experience
- Graduate degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
- Minimum 10 years of professional experience as a digital forensic investigator and/or incident responder.
- Previous experience in a fusion center, Security Operations Center (SOC), and/or exposure to large scale incident response
- Prior success leading forensic investigations and/or managing individual contributors
- Prior experience with information technology and/or information security in the financial services industry.
- Prior experience with adversary emulation, red teaming, blue teaming.
- Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)
- Prior experience with penetration testing of cloud environments (e.g. AWS, GCP, Azure) and DevOps technologies (e.g. Docker, Kubernetes, Jenkins, Git)
- Strong understanding of Cloud Incident Response (AWS, Azure, GCP)
- Working knowledge in some of the following: Python, C++, C#, PowerShell, as well as scripting with Bash
- Knowledge and Skills
- Any professional certifications issued by GIAC, AWS, etc.
- Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE ATT&CK, Cyber Kill Chain, STIX)
- Working knowledge of reverse engineering, vulnerability discovery/analysis, and/or exploit development
- Proficient in any query language (e.g. SQL)
- Working knowledge of security and/or incident response in cloud environments
- Working knowledge of software development best practices, including agile methods
Job Function: Corporate Services
Job Family: Cyber Investigations
Job family description: Roles in this family are responsible for investigating VA and CIC findings that present increased risk or a threat to the firm, its customers, employees, shareholders, information, systems/networks, assets and clients.
Job Title: CSIS Global VA/CIC Response Analyst
Job Grade: C13 (Bonus eligible)
Shift: Day Job
Employee Status: Regular
Travel: Yes, 10% of the Time
Job Family Group: Corporate Services
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.