Skip Navigation

open main navigation menu
city landscape


Advanced Search

Search Jobs

Match Your Skills

Search jobs based on your LinkedIn profile.

Match Now

Career Opportunity

Incident Response / Triage Team Lead

Locations: Irving, Texas Job Function: Incident Management Employee Status: Regular Job ID: 20196629


A role in our cyber investigations function means you will have the opportunity to work with a group of individuals whose collective mission is to investigate information security risks or wrongdoing against our firm. We are a globally dispersed group of hybrid cyber investigators / computer forensic specialists that provide independent root cause and contributing factors reporting to various lines of business. Our teams are regionally managed and globally governed. We conduct professional and independent cyber investigations in order to ensure the confidentiality, integrity, and availability of Citi controlled or owned information. You’ll make connections with fellow colleagues that share your diverse background and experiences.  On our team, we relish unique individuals, collaborative teams and inclusive leaders, because they are the engines of new ideas. With operations around the world and staff from a variety of disciplines, you will benefit from working alongside and learning from the best and the brightest in the Cyber Security industry.

As a Cyber Manager, you will provide strategic leadership. This position will tap into your expertise while continuing to hone your skills in establishing strong partnerships, mentoring, motivating and managing high performing teams. One guarantee is that no two days will be the same. 


Related activities include but are not limited to:

  • Conduct or support teams for in-depth high profile/ impact cyber investigations
  • Collaborate with global multidisciplinary groups for triaging and defining the scope of high profile/ impact cyber investigations.
  • Work with SME of involved apps and infrastructure to identify key components and information sources such as environments (on-premisesversus cloud), servers, workstations, middleware, applications, databases, logs, etc.
  • Support the evidence collection and analysis.
  • Work with multidisciplinary groups for defining remediation activities.
  • Document high profile Cyber investigations.
  • Train less experienced cyber investigators.

Education and Experience Required

  • Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
  • 8+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
  • 5+ years managing a team professional staff, cyber program or resources.
  • 5+ years working in Cyber incidents analysis in medium to large organizations.
  • Demonstrated experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc).
    • Activities include but not limited to:
      • e-Discovery process and procedures.
      • Memory collection and analysis from various platforms.
      • Evidence preservation.
      • Malware analysis.
      • File system knowledge and analysis.
      • Timeline analysis.
      • Registry, event, and other log file and artifact analysis.
  • Prior experience with a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit) and related scripting (e.g. EnScripts, EnConditions)
  • Previous experience using SIEM tools such as Splunk.
  • Prior experience with some of the following tools: Splunk, Volatility, YARA, FastAPI, CrowdStrike Falcon, SIFT Workstation, Security Onion, Wireshark, Plaso, Nuix, IBM I2, Metasploit, ServiceNow.
  • Previous experience with an EDR system (e.g. Tanium, Crowdstrike Falcon)
  • Previous Dev/Sec/Ops experience with cloud environments (e.g. AWS, GCP, Azure) and underlying storage, compute and monitoring services (e.g. AWS S3, EC2, CloudTrail, CloudWatch)
  • Excellent communication and presentation skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with clients and IT management and staffs.
  • Ability to communicate technical issues to technical and non-technical business representatives.
  • Ability to understand strategic objectives and vision, and work towards those goals.
  • Dedicated and self-driven desire to research current information security landscape.
  • Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.
  • Ability to work without constant supervision.
  • Ability to share knowledge with teammates.
  • Must have flexibility to work outside of normal business hours when necessary.
  • Exceptional candidates who do not meet these criteria may be considered for the role provided they have the commensurate skills and experience from non-traditional backgrounds.

Education and Experience Preferred

  • Thorough understanding of compiled and interpreted programming languages (C,Powershell, Java, JavaScript, Ruby, Python, etc.).
  • Some knowledge of SDLC best practices,secure code practices, and agile methods. 
  • Previous middleware experience including infrastructure related to web servers, authentication systems or messaging tools.
  • Previous experience with both relational and non-relational databases.
  • Previous experience with forensic investigations or large scale incident response in cloud environments (e.g. AWS, GCP, Azure) 
  • Previous experience with containerization methods and tools (e.g. Docker, Kubernetes)
  • Previous experience with security in cloud infrastructure, including API security best practices
  • Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
  • Proficient in LINUX, AIX, Solaris, OS X, and Windows operating systems.
  • Previous experience with Reverse Engineering malicious code, disassembler tools and Web/Network Penetration Testing.
  • Any Information Security and/or Cyber Security professional certifications issued by GIAC, AWS, etc.


Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - US


Time Type :


Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.

To view the "EEO is the Law" poster CLICK HERE. To view the EEO is the Law Supplement CLICK HERE.
To view the EEO Policy Statement CLICK HERE.
To view the Pay Transparency Posting CLICK HERE.