Senior SIRT Cyber Investigator
• Conduct proactive, complex, variable and high profile/sensitive cyber investigations with the goal of developing cases to a successful conclusion and providing cyber security intelligence to business and functional partners
• Actively engage partners and management to ensure they are kept apprised of any significant changes during the progress of a cyber investigation
• Build external relationships with members of law enforcement, industry peers and other sources of support
• Engage with internal and external suspects, witnesses and third parties through interview and interrogation, evidence collection and forensic examination
• Represent Citi in criminal and civil court matters and have the ability to show knowledge and provide accurate and supportive testimony
• Mentor and train junior staff members
• Brief others on ongoing investigations/investigative projects
• Ensure that all cyber investigative referrals are properly investigated and managed in a professional and consistent manner relative to the regional investigative standards, protocol and aging standards.
• Provide regular feedback, guidance and consultation to cyber investigative staff, offering direction and expertise to further an investigation.
• Conduct detailed reviews of cyber investigation reports and the case management system to assess data/content quality, supporting evidence and the appropriateness of case outcomes.
• Brief management on ongoing major investigations in a professional manner
- Participate in forensic investigations of critical cloud security events
- Provide subject matter expertise to investigative colleagues and cyber fusion center partners as they seek to disrupt, contain, eradicate, and remediate cyber threats in cloud environments
- Participate in purple teams, table tops, AWS Jams, regulatory exercises, etc.
Education and Experience Required:
- Bachelor's degree (US only)
• Ability to conduct cyber investigative interviews and recording techniques that tie the facts and evidence together
• Experience investigating complex and variable cyber and information security case(s) that have substantial impact
• Understanding of cyber forensic and eDiscovery processes and procedures to include the collection, examination, and analysis of data while preserving integrity and maintaining a strict chain of custody
• Conveys mastery of cyber investigative concepts
• Demonstrated report writing that presents the case and the evidence gathered in a cohesive and comprehensive manner
• Exceptional candidates who do not meet these criteria may be considered for the role provided they have the necessary skills and experience.
• Demonstrates a clear understanding of cyber investigation techniques and shares those insights appropriately with others
Education and Experience Preferred:
- Graduate degree (US only)
• 5+ years relevant experience in a private/public sector investigative environment
• Previous US Intelligence, military, law enforcement, law firm or government service background
• Experience working in an in-house cyber investigations team
• Experience with e-discovery tools, forensic accounting and data analytics
- Professional certifications. One or more of the DOD 8075 required certifications, including GREM, GSEC, GCIH, GCIA, GCED, GCPM, etc.
• Proficiency in Microsoft Office products - Word, Excel, Outlook, PowerPoint, & SharePoint for compiling written reports and spreadsheets on an investigation
- 2nd Language skills
Knowledge and Skills Required:
- Excellent communication needed for marketing case work and obtaining cooperation of other parties
• Good report writing skills to accurately articulate the circumstances and events of the investigation
• Good analytical skills needed to assess evidence, identify relationships and develop leads in an investigation
• An ability to multi-task, demonstrated attention to detail with ability to manage caseload and produce accurate, concise analytical reports
• Solid judgment and decision-making skills
• Ability to brief management and others on an investigative case or findings
- Prior dev/sec/ops experience in cloud environments
- Prior experience with AWS security services (e.g. CloudWatch, CloudTrail, GuardDuty, AWS Config, KMS, IAM, Athena, Detective)
- Prior experience with AWS common services (e.g. EC2, S3, Federation, Organizations, Lambda, DynamoDB, Route53, VPC)
- Prior experience as a forensic investigator and/or incident responder for security events in AWS
- Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)
- Foundational or Associate AWS Certification (e.g. Cloud Practitioner, Developer, SysOps Administrator), or demonstrated equivalent capability
Knowledge and Skills Preferred:
• Expresses ideas or facts in a clear, concise and open manner
• Communication indicates a consideration for the feelings and needs of others
• Actively listens and proactively shares knowledge
• Handles conflict effectively, by overcoming differences of opinion and finding common ground
• Evaluates data and courses of action to reach logical, pragmatic decisions
• Takes an unbiased, rational approach with calculated risks
• Applies innovation and creativity to problem-solving
• Open to change and flexible in a fast-paced environment
• Performance is consistent, even under pressure
• Always pursues continuous improvements
• Effectively adapts own approach to suit changing circumstances or requirements.
• Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first
• Develops and implements sustainable strategies on how to perform their role, with an eye on improvement based on changes needed or refinement of approach
• 2nd language skills
- Familiar with Atlassian tools (Jira, Confluence, BitBucket)
- Working knowledge of identity management (e.g. KMS, HSM, LDAP, JWT, SAML, Federation)
• Flexibility to work on call off hours/weekends during critical project phases if necessary
Job Family Group: Corporate Services
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
Join our team
strong diverse employees
Socially minded employees volunteering in communities across 90 countries
Meaningful career opportunities thanks to a physical presence in over 98 markets
We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than half way.