Senior SOC Incident Response Analyst, VP (C13)
Irving, Texas| Fort Lauderdale, Florida| Tampa, Florida| New York, New York| New Castle, Delaware
Job Req ID 23609118Overview
Citi’s technology team is growing at lightning speed, and we’re looking for talented technologists to help build the future of global banking. Our teams are creating innovations used across the globe – we’re changing the way people bank and how the world does business. Citi’s technology team supports business operations in 100+ countries, across multiple lines of business spanning both Institutional and retail businesses. The group works to optimize the IT environment by standardizing production platforms, reducing complexity, and introducing innovative solutions that provide new business capabilities, reduce total cost of ownership, and create a competitive advantage for Citi. Join an environment with a laser focus on growth and progress, and take your career to the next level through the power of Citi’s unmatched globality and vast expertise.
Success Profile
As one of the world’s most global banks, Citi gives you the tools to be a trailblazer. We’re not just building technology, we’re building the future of banking. With thousands of employees located around the globe, we are an international team encompassing a broad range of teams, roles, and cultures, and we invite you to come and join us!
- Creative
- Analytical
- Collaborative
- Productive
- Adaptable
- Relationship Expertise
Glassdoor Reviews
Responsibilities
About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
The Role:
The Senior Security Operations Center (SOC) Incident Response Analyst is a highly skilled and experienced Incident Response (IR) practitioner tasked to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a high level role with global exposure and responsibility. This person will serve as both a technical subject matter expert (SME) and an ambassador for the incident response team.
Within Citi's SOC, this individual will collaborate closely with a talented cadre of security specialists and incident responders to react urgently to security events. The individual's observations and recommendations will impact security decisions across the organization playing an important part in maturing Citi's security posture.
As an individual contributor, the Senior SOC Incident Responder will be a hands-on first responder that triages and investigates cybersecurity incidents in cloud, traditional (i.e. on-premises), and hybrid environments. This position will be technically challenging, rewarding, and will provide ample opportunity to establish partnerships, mentor colleagues and shape team culture.
Responsibilities:
- Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and Hybrid environments
- Perform incident response functions per the examples below
- Host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
- Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models
- Collaborate with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud), servers, workstations, middleware, applications, databases, logs, etc.
- Assist in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place
- Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents
- Document and present investigative findings for high profile events and other incidents of interest
- Participate in readiness exercises such as purple team, table tops, etc.
- Train junior colleagues on relevant best practices as needed
Qualifications:
- 5+ years' professional experience in Cybersecurity and/or Information Security, or demonstrated equivalent capabilities
- 1-2+ years hands-on experience in Cyber Incident Response and Investigations with Cloud and Forensics components (preferably in medium to large organizations)
- Strong working knowledge of relational database systems/concepts and virtualization products
- Must be open to working outside of normal business hours if and when necessary
- Experience with most of the following Core Competencies is required for this role:
Experience in Cloud Forensics/IR
- Hands-on Dev/Sec/Ops experience with Cloud environments and underlying storage, compute and monitoring services
- Prior experience with Cloud Common Services
- Hands-on experience with forensic investigations or large scale incident response in cloud environments
- Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics
Experience in Incident Response
- Hands-on experience with analyzing and pivoting through large data sets
- Recent hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.)
- Experience with activities like:
- Memory collection and analysis from various platforms
- Evidence preservation in line with industry best practices
- Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
- In-depth experience with timeline analysis, Registry, event, and other log file and artifact analysis
- Strong background with File system knowledge and analysis
- Hands-on experience with a DFIR toolset and related scripting
- Expertise with an EDR system
Experience in the following Operating Systems
- Windows OS , UNIX, Mac OS X specifically in system administration, command line use, and file system knowledge
Experience in Basic Scripting and Automation
- Proficient in basic scripting and automation of tasks (e.g. C/C++, PowerShell, JavaScript, Python, bash, etc.)
Network Concepts and Understanding
- Working knowledge of networking protocols and infrastructure designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
Education:
- Bachelor's degree in Computer Science, Information Security, Engineering, Digital Forensics, etc. or equivalent experience
- Cloud Certifications (e.g. GIAC, AWS, etc.) or other comparably relevant certifications are required or willingness to attain within 12 months of starting
- One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications or willingness to attain within 12 months of starting
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
-------------------------------------------------
Job Family Group:
Technology-------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Primary Location:
Irving Texas United States------------------------------------------------------
Primary Location Salary Range:
$121,560.00 - $182,340.00------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting
-
Join our team
of 220,000+
strong diverse employees -
Socially minded employees volunteering in communities across 90 countries
-
Meaningful career opportunities thanks to a physical presence in over 95 markets
We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than half way.
Innovation Through Diversity
-
Citi has an immense network with over 200,000 colleagues across 6 continents in over 100 countries and has been able to serve over 200 million clients for over 200 years. Gain insights into how our firm draws from a diverse pool of ideas and talent to transform ideas into strategies and deliver diverse opportunities to our colleagues.
Success Stories
Isabelle Noelene Chong
Applications Development Supervisor
Tenure at Citi: 2 years and 5 months.
How did you begin a career in Technology?
As a Computer Science graduate from NTU, I wanted to work somewhere where I would be able to make use of my technical skills, as well as explore the world of finance. Citi seemed like the perfect place for me to give me the exposure in both Technology and Finance. I was also drawn to Citi’s Technology Management Associate Program, as I knew that being in the program would equip me with the technical skills, in-depth business knowledge, as well as interpersonal skills that would accelerate my career development. The rotation structure would also give me the exposure to different parts of the bank and help me decide on my final placement after the program.
What does your day-to-day job entail and what do you like most about it?
My current role in GCT’s Digital Department allows me to work with stakeholders from Technology, Business, and Citi’s external partners. I am currently the lead of Emerging Payments module for the Enterprise Service Bus team in the Digital Department and am also part of the team spearheading a new initiative – Citi E-Marketplace, which will not only add value to Citi’s consumers, but also Citi and it’s partner merchants, too.
What do you enjoy most about your role?
What I love most about my role is being able to make a difference in the lives of Citi’s consumers, which includes yours and mine, too.
What do you enjoy most about your role?
I enjoy being able to interact with stakeholders from Technology and Business, as it helps me to understand the different perspectives of these stakeholders and helps bridge the gap whenever necessary. I also love working on new digital-related ideas and turning them it into reality.
What skill set does someone working in this kind of area need?
I think an important attribute someone working in this area would need to have is the willingness to learn. As technology is constantly evolving, we need to consistently upgrade ourselves in order to stay relevant. Hence, it is essential that one is able to adapt according to the needs of the organization.
What advice would you give to someone looking to break into a career in Technology?
Go for it! You never know till you try. I feel that as long as you are willing to put in the extra effort to learn new technical skills, you will be able to ease into the technical role in no time.
Where can a career at Citi/Technology take you?
I think a career in Citi/Technology gives me endless opportunities – not just locally, but around the world, too. The only limitation to where your career can take you is yourself. More often than not, we find ourselves too shy to ask for what we want. Not all of us are lucky enough to have opportunities thrown on our lap; hence, in order to reach our career aspirations, we must be willing to speak up for ourselves.
What makes Citi a great place to work?
My favourite parts about Citi include culture, people, and opportunities. I will elaborate on culture in the next question. As for people, I think I have been very lucky throughout my career with Citi to have been able to work with such fantastic people. In the four teams I have worked with so far, everyone I met was always ever so willing to share their knowledge with me, and lend me a helping hand when I needed. It is their energy and intelligence that stretches and motivates me to further my career.
I have also gotten a countless number of opportunities here in Citi – the opportunity to learn through various trainings; the opportunity to lead initiatives, be it within my job scope or through Citi’s APAC O&T Women In Leadership (WIL) Council and CitiClub; the opportunity to try different job roles through the Technology Analyst Program, etc., which I am incredibly thankful for.
What is the culture like at Citi?
I think a large part of Citi’s culture is made up of the various clubs/groups in Citi. To give an idea of what the culture in Citi is like, let me share my experience at the clubs that I was most involved in – CitiClub and the APAC O&T WIL Council. Through CitiClub, I was not only able to engage with my fellow employees by organizing various employee-engagement activities, I was also able to collaborate with like-minded people to pursue various passions, such as playing sports or giving back to society. As the Engagement Lead of APAC O&T WIL Council, I was able to raise awareness of gender issues, help O&T women to achieve both their personal and career goals, as well as to promote diversity at the workplace. Personally, I see diversity as an important element for growth, as teams with diverse backgrounds usually work better together and produce more effective results. It is heartening to see that Citi takes diversity in the organization seriously, as evidenced by the various diversity-related initiatives in place.
Yoshi
Markets and Securities Services Technology – Australia Production Support Lead
Tenure at Citi: 10 years
Can you tell me a bit about yourself and your background?
When I first introduce myself to someone new, or someone who doesn’t quite know me sees my name, more often than not a perception is formed that I am Japanese. Although I do have a Japanese name and although I was indeed born in Japan, it’s not quite so simple. Through my family, I have Vietnamese and Chinese heritage – although living here in Sydney, Australia for practically my whole life, I consider myself an Aussie. When I’m not at work, I enjoy being active outdoors, whether it be playing basketball, going to the beach, or going for weekend road trips.
How did you begin a career in Technology?
After graduating from Sydney University with a Software Engineering degree, I started my career at Citi as a graduate. I was hired into the Equities Production Support team, which allowed me to enhance my technical skills and develop an understanding of financial markets/business trading flows. Over the years, I was fortunate to have multiple internal opportunities opened up to me, where I now lead the Markets and Securities Services (MSST) Production Support team in Australia.
What does your day-to-day job entail and what do you like most about it?
Working for MSST Production Support keeps you on your toes (literally). The Support team sits with the Markets traders on the Dealing Room Trading Floor. For someone who hasn’t seen what a trading floor looks like, imagine a large hall full of computer screens stacked side by side, big-screen electronic notice boards, traders standing and shouting instructions at each other and phones constantly ringing. The noise and furious pace of the trade floor can be quite a spectacle. The MSST Production Support team is responsible for keeping trading systems up and functional, allowing the traders to transact on behalf of the firm or on behalf of clients.
What do you enjoy most about your role?
Every day on the trade floor brings something new, e.g., winning new clients and learning new business flows, keeping up with constant change both internally and externally, such as changes to infrastructure, technology enhancements, and market regulations, and continuously looking for ways to stay on top of our competitors. This is a fast-paced area, and those that remain stagnant will fall behind!
What skill set does someone working in this kind of area need?
A tertiary qualification in Business Information Technology or Computer/Software Engineering is recommended. Knowledge of financial markets is useful. Experience with multiple operating systems, databases, programming languages are key technical requirements. We also look for people with strong soft skills such as communication (both written and verbal), time management, and being able to succeed in a demanding environment.
What advice would you give to someone looking to break into a career in Technology?
Technology is the future! Why wait? Technology companies are always looking to make things faster, bigger (or smaller, depending on what the object is), more stable, having improved performance. This is an exciting age we are living in.
Where can a career at Citi/Technology take you?
From starting my career 10 years ago as a graduate to now being responsible for production support of Australia’s Markets and Securities Services business, this is an example of where your career at Citi could go. Leveraging from your existing networks/connections and constantly looking to build new networks will hopefully open up opportunities for you as it did to me.
What makes Citi a great place to work?
Working for a global company, there are countless career mobility/career opportunities that could take you around the world. With so many different departments, you’re bound to meet great people at work. Citi also promotes personal development and offers a vast range of training programs covering technical areas, interpersonal behaviors and leadership programs. What you take away from these training sessions can help you in the workplace but can also be applied to your everyday lifestyle.
What is the culture like at Citi?
Citi is a diverse workplace full of employees with a wide range of backgrounds. Cultural events, such as Diwali and Chinese New Year, are celebrated at work. Much thought goes into the planning of these events, which shows the appreciation and respect the company has of its employees. Citi also uses a framework to recognize employees who provide significant contributions toward company goals. Recognition is one of the common motivating factors for employees, so it’s great to see that in use here at Citi.
Can you tell me a bit about yourself and your background?
I graduated from the National University of Singapore in 2016 with a Computer Engineering degree. I first joined Citi in July 2016 under the Technology Analyst Program, which seeks to provide structure and exposure to fresh graduates joining Citi Technology. I have always been interested in technology from my childhood days, and actively pursuing it as my university education was a real joy for me. In my spare time, I like to stay active by doing Mixed Martial Arts or playing soccer. I also enjoy making music and reading.
How does your role/department impact the larger Citi organization?
My department is committed to developing innovative solutions to enhance the process of Foreign Exchange trading via FX Connect (a third-party vendor application). We target to build a bridge between Citi VELOCITY and FX Connect, seamlessly integrating the end-to-end workflow between both applications and providing our users with greater ease of use.
How did you begin a career in your department/line of business?
began my career in the FX Technology in September 2017 as part of the requirements for the Technology Analyst Program. This is my second and final rotation under the program and, so far, it has been a valuable and fruitful experience. My first rotation was a one-year stint in Commodities Technology, which was fulfilling as well.
What does your day-to-day job entail and what do you enjoy most about it?
My day-to-day job consists of resolving issues and fixing bugs that are found in the application. My manager often challenges me with new enhancements to be made, and is open to hearing my opinions. I always get a sense of fulfillment when I see my changes working in a live environment. I enjoy the open discussions I have with my teammates and the freedom I get to creatively implement my changes.
What skill set does someone working in this kind of area need?
A curious mind and dedication to deliver beyond expectations. Anyone who is open to learning and exploring new solutions will fit well in this area. What advice would you give to someone looking to break into a career in your department? Read a lot and practice what you have read. Be proactive and eager to learn from people. Technology is constantly changing, and you will never know what you can learn from someone else.
Where can a career at Citi take you?
FX Technology offers vast opportunities, as the business is stable and established. With teams spread across the world, this department makes global mobility a viable and realizable option. Further to this, this department puts a strong focus on harnessing the newest technologies and integrating them into the applications we build. Being in this team will allow me to grow to be more adept in Application Development, and perhaps even lead my own projects and teams in the future.
What makes Citi a great place to work?
Great people and an empowering culture. The people in Citi are highly collaborative and are always willing to share what they know. They promote inclusiveness and I have never once felt left out. Citi believes in empowering its employees through training and celebrating excellence. Not only am I often compelled to do better and to push the boundaries of innovation and technology, I also find myself enabled to do so through the trainings I have access to and the people I have networked with.
Do you take part in any volunteering, special programs, or leadership development opportunities and/or participate in any Employee Networks? If so, please describe.
I have recently closed my chapter as the lead of CitiClub Singapore’s Terrific Thursdays committee. It is a committee that organizes weekly workshops on Thursdays to empower and engage Citi’s employees. In 2017, we had a total of 1,429 participants across 21 events that we held, a 38% increase from the previous year. I continue to actively engage myself in CitiClub activities and provide assistance whenever required.
In 2018, my goal is to be more involved in groups advocating diversity in the workplace – groups such as Women in Leadership (WIL) or Women in Technology (WiT). In addition to this, I hope to be able to participate in more leadership development programs sometime in the future.
Can you tell me a bit about yourself and your background?
I am a computer engineer from Pune University and have 13 years of overall technology experience. Started my career in 2004 as a software engineer and worked on several important initiatives for organizations like Principal Financial Group, HSBC and Patni before joining Citi..
How did you begin a career in Technology?
I always had passion for programming and, as a result, I started my career in technology as a programmer in Patni (now acquired by Capgemini) after completing my graduation in 2004.
What does your day-to-day job entail and what do you like most about it?
Day-to-day job entails working closely with business stakeholders, understanding business initiatives, and working with the team to build efficient technology solutions for the business. I enjoy building the best-in-class solutions for the business, partnering with global stakeholders, and motivating the team to achieve superior results
What do you enjoy most about your role?
I get to learn about the business functions and explore the latest and greatest technologies to build best-in-class solutions for the business and I get to work with very talented individuals.
What skill set does someone working in this kind of area need?
Some of the important ones (but not limited to) are passion for technology, ability to collaborate with different teams, enthusiasm to drive for building the best technology solutions, and the energy to embrace change and challenge the status quo.
What advice would you give to someone looking to break into a career in Technology?
Keep upgrading your technical skill set; however be technology agnostic and be flexible to work on any technology that offers the most to achieve the optimum solution for solving the problems in hand.
Where can a career at Citi take you
Sky is the limit at Citi. Multiple options are available based on one’s competencies and interest. One can shape up a career in technology leadership or tech experts can pursue a career in engineering as a tech architect/solution architect, for example.
What makes Citi a good place to work?
Global presence, challenging work opportunities, collaborative work environment, and talented people to work with make Citi a great place to work.
What is the culture like at Citi?
Culture at Citi is client focused, people focused, diverse, inclusive, and collaborative.
Featured Career Areas
Technology
Transformation
Finance
Risk ManagementSaved Jobs
You have no saved jobs
Previously Viewed Jobs
You have no viewed jobs