
SOC Analyst - L1

Job Req Id:
26961569
Location(s):
Irving, Texas, United States
Job Type:
Hybrid
Posted:
May. 06, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Role:

This role is a frontline Security Operations Center (SOC) Analyst position responsible for 24x7 monitoring, alert triage, and initial investigation of security events across endpoint, network, email, and web platforms within a large-scale enterprise financial services environment. The analyst serves as a critical first line of defense — validating threats, documenting incidents with forensic integrity, and delivering escalation-ready analysis to L2 and Incident Response teams. The position demands active contribution to playbook development, automation and AI-assisted workflow enablement, and team knowledge sharing, reflecting the operational maturity standards expected across leading financial institutions. Candidates who thrive at the intersection of disciplined security operations, continuous improvement, and responsible AI adoption will find this role both impactful and professionally expansive.

Qualifications

  • 1-3 years of experience in a SOC, security operations, or equivalent hands-on cybersecurity role, including direct experience in a 24x7 shift environment.
  • Foundational knowledge of cybersecurity principles, network security, incident response, intrusion detection, and cyber defense monitoring. Includes understanding of common attack characteristics, attack stages, and intrusion activity phases.
  • Hands-on experience with SIEM, EDR, IDS/IPS, email security, and web security platforms for alert validation, log analysis, event correlation, and case documentation.
  • Demonstrated ability to perform log, metadata, and network traffic analysis across multiple data sources. Ability to distinguish benign activity from potentially malicious behavior when forming triage conclusions.
  • Strong incident documentation skills including structured evidence collection, artifact preservation, case timeline construction, and production of complete, escalation-ready case packages that maintain forensic integrity.
  • Knowledge of network protocols (e.g., TCP/IP, DNS, HTTP/S), network architecture fundamentals, and the ability to apply packet or metadata analysis to support alert triage and initial investigation.
  • Understanding of cybersecurity policies, privacy obligations, data-classification standards, and risk management concepts as applied to incident analysis, reporting, and escalation.
  • Experience contributing to playbooks, runbooks, workflow improvements, or detection-support content. Able to translate lessons learned into repeatable, standardized investigative procedures.
  • Demonstrated ability to use approved AI/LLM tools responsibly, including prompt development, critical output validation, and documentation of analyst review in alignment with acceptable-use and governance requirements.
  • Strong analytical, written, and verbal communication skills. Able to produce clear incident reports, operational summaries, and stakeholder communications that preserve investigative continuity across shifts and teams.

Responsibilities

  • Monitor and triage security alerts 24x7 from SIEM, EDR, IDS/IPS, email, and web security platforms. Validate alerts using log analysis, metadata review, event correlation, and network telemetry to determine credibility, cause, and potential impact.
  • Conduct initial investigations to establish incident scope, urgency, and impact. Collect, preserve, and document logs, artifacts, and indicators of compromise (IOCs) in a manner that maintains forensic integrity for downstream incident response and investigative activities.
  • Produce complete, escalation-ready incident packages including timelines, affected assets, observed behaviors, and recommended next steps. Escalate incidents to L2 and Incident Response teams in accordance with defined notification and response procedures.
  • Coordinate initial containment recommendations with L2 and Incident Response teams, including identification of affected systems, suspected attack vectors, and immediate mitigation options. Track cases from detection through escalation and closure milestones.
  • Author, maintain, and continuously improve SOC playbooks and runbooks by translating recurring investigative outcomes, after-action reviews, and lessons learned into updated triage steps, escalation criteria, and decision logic.
  • Identify automation opportunities for repetitive triage, enrichment, and documentation tasks. Use approved AI/LLM tools to assist with alert summarization, IOC extraction, and case narrative drafting while critically validating all outputs for accuracy, bias, and trustworthiness prior to operational use.
  • Perform ongoing threat pattern and trend analysis by correlating indicators and behaviors across incidents. Feed analytical findings back into detection tuning, playbooks, and response workflows to surface adversary techniques proactively.
  • Identify potential malware-related and intrusion activity through alert, log, telemetry, and artifact review. Support containment coordination by documenting affected hosts, execution evidence, and recommended immediate response actions for L2/Incident Response review.
  • Apply cybersecurity policies, privacy obligations, and data-classification requirements across all alert handling, evidence management, and case reporting. Support SOC governance activities including documentation standards and risk-aware escalation practices.
  • Contribute to peer investigations, shift handoff summaries, and knowledge-sharing artifacts to sustain investigative continuity, response readiness, and team operational effectiveness.

Education

  • Bachelor’s degree/University degree or equivalent experience.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Irving Texas United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$96,400.00 - $144,600.00


In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.
