


The health and safety of our colleagues and candidates for employment are our highest priority. Accordingly, Citi continues to monitor the COVID-19 situation closely. We have implemented precautionary measures across our firm globally, including conducting all candidate interviews virtually on a temporary basis until further notice where needed.

Senior SIRT Cyber Investigator

Job Req ID: 21270765 | Primary Location: Irving, Texas | Job Category: Corporate Services


• Conduct proactive, complex, variable and high profile/sensitive cyber investigations with the goal of developing cases to a successful conclusion and providing cyber security intelligence to business and functional partners

• Actively engage partners and management to ensure they are kept apprised of any significant changes during the progress of a cyber investigation

• Build external relationships with members of law enforcement, industry peers and other sources of support

• Engage with internal and external suspects, witnesses and third parties through interview and interrogation, evidence collection and forensic examination 

• Represent Citi in criminal and civil court matters and have the ability to show knowledge and provide accurate and supportive testimony 

• Mentor and train junior staff members

• Brief others on ongoing investigations/investigative projects

• Ensure that all cyber investigative referrals are properly investigated and managed in a professional and consistent manner relative to the regional investigative standards, protocol and aging standards.

• Provide regular feedback, guidance and consultation to cyber investigative staff, offering direction and expertise to further an investigation. 

• Conduct detailed reviews of cyber investigations reports and case management system to assess data/content quality, supporting evidence and the appropriateness of case outcomes. 

• Brief management on ongoing major investigations in a professional manner

  • Participate in forensic investigations of critical cloud security events
  • Provide subject matter expertise to investigative colleagues and cyber fusion center partners as they seek to disrupt, contain, eradicate, and remediate cyber threats in cloud environments
  • Participate in purple teams, tabletops, AWS Jams, regulatory exercises, etc.

Education and Experience Required:

  • Bachelor's degree (US only)

• Ability to conduct cyber investigative interviews and recording techniques that tie the facts and evidence together

• Experience investigating complex and variable cyber and information security case(s) that have substantial impact

•  Understanding of cyber forensic and eDiscovery processes and procedures to include the collection, examination, and analysis of data while preserving integrity and maintaining a strict chain of custody

• Conveys mastery of cyber investigative concepts

• Demonstrated report writing that presents the case and the evidence gathered in a cohesive and comprehensive manner

• Exceptional candidates who do not meet these criteria may be considered for the role provided they have the necessary skills and experience.

• Demonstrates a clear understanding of cyber investigation techniques and shares those insights appropriately with others

Education and Experience Preferred:

  • Graduate degree (US only)

•  5+ years relevant experience in a private/public sector investigative environment

• Previous US Intelligence, military, law enforcement, law firm or government service background

• Experience working in an in-house cyber investigations team

• Experience with e-discovery tools, forensic accounting and data analytics

  • Professional certifications. One or more of the DOD 8075 required certifications, including GREM, GSEC, GCIH, GCIA, GCED, GCPM, etc.

• Proficiency in Microsoft Office products - Word, Excel, Outlook, PowerPoint, & SharePoint for compiling written reports and spreadsheets on an investigation

  • 2nd Language skills

Knowledge and Skills Required:

  • Excellent communication needed for marketing case work and obtaining cooperation of other parties 

•  Good report writing skills to accurately articulate the circumstances and events of the investigation 

•  Good analytical skills needed to assess evidence, identify relationships and develop leads in an investigation 

•  An ability to multi-task, demonstrated attention to detail with ability to manage caseload and produce accurate, concise analytical reports 

•  Solid judgment and decision making skills

• Ability to brief management and others on an investigative case or findings

  • Prior dev/sec/ops experience in cloud environments
  • Prior experience with AWS security services (e.g. CloudWatch, CloudTrail, GuardDuty, AWS Config, KMS, IAM, Athena, Detective)
  • Prior experience with AWS common services (e.g. EC2, S3, Federation, Organizations, Lambda, DynamoDB, Route53, VPC)
  • Prior experience as a forensic investigator and/or incident responder for security events in AWS
  • Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)
  • Foundational or Associate AWS Certification (e.g. Cloud Practitioner, Developer, SysOps Administrator), or demonstrated equivalent capability

Knowledge and Skills Preferred:

• Expresses ideas or facts in a clear, concise and open manner

• Communication indicates a consideration for the feelings and needs of others

• Actively listens and proactively shares knowledge

•  Handles conflict effectively, by overcoming differences of opinion and finding common ground

• Evaluates data and courses of action to reach logical, pragmatic decisions

• Takes an unbiased, rational approach with calculated risks

• Applies innovation and creativity to problem-solving

• Open to change and flexible in a fast-paced environment

• Performance is consistent, even under pressure

• Always pursues continuous improvements

• Effectively adapts own approach to suit changing circumstances or requirements.

• Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first

• Develops and implements sustainable strategies on how to perform their role, with an eye on improvement based on changes needed or refinement of approach

• 2nd language skills

  • Familiar with Atlassian tools (Jira, Confluence, Bitbucket)
  • Working knowledge of identity management (e.g. KMS, HSM, LDAP, JWT, SAML, Federation)

Other requirements:

• Flexibility to work on call off hours/weekends during critical project phases if necessary


Job Family Group:

Corporate Services



Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

  • Join our team of 200,000+ strong diverse employees

  • Socially minded employees volunteering in communities across 90 countries

  • Meaningful career opportunities thanks to a physical presence in over 98 markets

We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues who demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than halfway.
