Career Opportunity

CSIS Global VA/CIC Response Senior Analyst

Locations: Budapest, Budapest

Job Function: Corporate Services, Operations & Technology

Employee Status: Regular

Job ID: 20211101

Opportunity

Citi's Cyber Investigations Team seeks a highly skilled and experienced Analyst to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve as a technical subject matter expert to assess Vulnerability Assessment (VA) and Cyber Intelligence Center (CIC) high-level findings. You will be co-located in Citi's Cyber Security Fusion Center, and will collaborate closely with a talented cadre of security specialists from VA and CIC teams. Your findings will result in large-scale investigations globally and will therefore contribute to maturing Citi's security posture.

Responsibilities

As a CSIS Global VA/CIC Response Analyst, your primary responsibility is to serve as a partner for VA and CIC teams and conduct thorough investigations of their high-risk findings. You will perform hands-on, day-to-day technical work, and be responsible for documenting your investigative methodology and analytical efforts. Related activities include but are not limited to:

  • Partner with VA, CIC, and other stakeholders to assess criticality of security alerts and establish requisite investigative actions.
  • Conduct deep dive forensic investigations (on-premises and Cloud) to uncover evidence of compromise and identify inadequate security controls.
  • Document investigative methods and findings for a broad audience, including technical, executive and regulatory groups.
  • Engage in training and peer exercise opportunities to keep abreast of changes in the security threat landscape and best practices.

Qualifications

You should be all of the following:

A skilled and creative investigator. Success will depend on your ability to:

  • Stay current with the evolving landscape of threat activities and cybersecurity best practices
  • Quickly synthesize information from disparate sources
  • Scrutinize evidence thoroughly to identify relationships and develop leads
  • Establish defensible working theories to explain observations and findings
  • Perform investigations in a forensically sound manner

A goal-oriented individual contributor. Success will depend on your ability to:

  • Stay motivated and work independently with minimal oversight
  • Adapt to changing requirements in a fast-paced environment
  • Multitask and meet deadlines despite competing priorities
  • Navigate operational impediments in order to complete time-sensitive tasks
  • Identify and document any opportunities for process improvement

A reliable team player. Success will depend on your ability to:

  • Practice mutual respect at all times
  • Establish trust and build strong partnerships
  • Resolve conflict in a constructive manner and use it as an opportunity to develop team unity
  • Prioritize collective success ahead of individual ambition

A great communicator. Success will depend on your ability to:

  • Establish clear narratives to describe investigative findings and working theories
  • Clearly and concisely articulate any recommendations that arise from investigative activities
  • Motivate colleagues and partners to cooperate and support as needed
  • Exert influence both verbally and in writing

A passionate leader. Success will depend on your ability to:

  • Lead by example
  • Enable team success by being approachable and available
  • Innovate and inspire self and others
  • Not be afraid to fail, but able to learn from your experiences.

Minimum Requirements

  • Education and Experience
    • Bachelor’s degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc., or equivalent professional experience
    • Minimum 5 years of professional experience as a digital forensic investigator and/or incident responder, or demonstrated equivalent capability.
  • Knowledge and Skills
    • Strong understanding of how computer applications, systems, and networks are managed and secured.
    • Strong understanding of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTPs).
    • Strong understanding of cyber forensic and eDiscovery procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody.
    • Strong understanding of OSI model
    • Proficient in forensic analysis and collection of memory, disk, logs and other artifacts originating from a wide variety of applications, devices and operating systems.
    • Proficient in a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit)
    • Proficient in some of the following tools: Metasploit, Nuix, Plaso, Powergrep, Relativity, Security Onion, SIFT Workstation, Splunk, Tanium, Volatility, Wireshark, Yara, ELK.
    • Working knowledge of network components such as switches, routers, firewalls in both Windows/Linux environments
    • Working knowledge of virtualization products (e.g. VMware Workstation)
  • Other
    • Must have flexibility to work outside of normal business hours when necessary

Preferred Requirements

  • Education and Experience
    • Graduate degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
    • Minimum 10 years of professional experience as a digital forensic investigator and/or incident responder.
    • Previous experience in a fusion center, Security Operations Center (SOC), and/or exposure to large scale incident response
    • Prior success leading forensic investigations and/or managing individual contributors
    • Prior experience with information technology and/or information security in the financial services industry.
    • Prior experience with adversary emulation, red teaming, blue teaming.
    • Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)
    • Prior experience with penetration testing of cloud environments (e.g. AWS, GCP, Azure) and DevOps technologies (e.g. Docker, Kubernetes, Jenkins, Git)
    • Strong understanding of Cloud Incident Response (AWS, Azure, GCP)
    • Working knowledge in some of the following: Python, C++, C#, PowerShell, as well as scripting with Bash
  • Knowledge and Skills
    • Any professional certifications issued by GIAC, AWS, etc.
    • Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE ATT&CK, Cyber Kill Chain, STIX)
    • Working knowledge of reverse engineering, vulnerability discovery/analysis, and/or exploit development
    • Proficient in any query language (e.g. SQL)
    • Working knowledge of security and/or incident response in cloud environments
    • Working knowledge of software development best practices, including agile methods

Primary Location: Budapest

Job Function: Corporate Services

Job Family: Cyber Investigations

Job family description: Roles in this family are responsible for investigating VA and CIC findings that present increased risk or a threat to the firm, its customers, employees, shareholders, information, systems/networks, assets and clients.

Job Title: CSIS Global VA/CIC Response Analyst

Job Grade: C13 (Bonus eligible)

Job Code:

Schedule: Full-time

Shift: Day Job

Employee Status: Regular

Travel: Yes, 10% of the Time

Relocation: No

Job Family Group: Corporate Services

Job Family: Investigations

Time Type:

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.