Digital Cyber Forensic Investigator
Citi Security and Investigative Services (CSIS) is a global function within Citi whose mission is to protect the employees, assets, information, integrity, and reputation of Citi and its clients. CSIS accomplishes this by offering industry-leading professional security services, fraud prevention, and independent investigations to all of Citi's businesses and regions globally, and by partnering with our internal business colleagues, law enforcement agencies, and the industry externally.
Citi employees reflect the remarkable range of cultures and perspectives of our clients across more than 160 countries and jurisdictions where we do business – a powerful advantage that combines global insights with deep local knowledge. We recognize that unique individuals, collaborative teams, and inclusive leaders have far-reaching impact and are the engines of new ideas. It’s our willingness to embrace the richness of our diverse teams, ideas and possibilities that drives our growth and progress.
A role in our cyber investigations function means you will have the opportunity to work with a group of individuals whose collective mission is to investigate information security and cyber events against our firm. We conduct professional and independent investigations to identify fraud, recover lost or stolen assets, identify underlying control failures and root causes, enforce the policies of the firm, identify network security incidents and cyber events, and to cause and/or support prosecutions and civil litigation, if appropriate. You’ll make connections with fellow colleagues that share your diverse background and experiences. On our team, we relish unique individuals, collaborative teams, and inclusive leaders, because they are the engines of new ideas. With operations around the world and staff from a variety of disciplines, you will benefit from working alongside and learning from the best and the brightest in the Cyber Security industry.
As an Investigator, you will be responsible for the coordination and investigation of high-level cyber security network and/or Information security incidents. You will draw on a broad range of investigative skills that exist amongst the team and work with business, product, process subject matter experts (SMEs) and functions to arrive at the most complete and accurate findings. This role will utilize your sophisticated expertise in investigative interviewing, cyber security, network security, cyber enabled fraud, to identify cyber threats, schemes, trends, and organized rings that create a risk to our firm, its employees, shareholders, systems, assets and clients.
One guarantee is that no two days will be the same. Challenges will present themselves daily. The question is, are you up to the challenge?
- Conduct digital computer forensic investigations of Information and Network Security Incidents raised by cyber security units within the firm.
- Conduct detailed analysis of said incidents utilizing various digital forensic tools on computers, servers, and networks.
- Conduct code analysis and leverage knowledge of software development lifecycle.
- Collect and analyze digital forensic artifacts.
- Collect, search, monitor, and analyze machine-generated data and event logs.
- Collect, research, and analyze any evidence relevant to an investigation and draw conclusions.
- Filter, prioritize and validate highly technical, complex, and dynamic material from multiple sources.
- Manage and work investigative cases referred from internal and external sources utilizing technology and tools
- Provide timely investigative results
- Provide quick, accurate and formulated case decisions and/or conclusions that will reduce losses, protect our customers, and safeguard the integrity of our products and reputation
- Gather, research, and analyze facts relevant to an investigative case and draw conclusions on said facts
- Ensure proper adherence to investigative standards, case aging protocols and report writing
- Interact with law enforcement and other outside entities regarding loss recovery to include court ordered restitution
- Brief others on an ongoing investigations/investigative projects
Education and Experience Required
- Bachelor's degree (US only) or equivalent work experience
- Knowledge of Network Forensic tools (Encase, FTK, etc.) and investigation techniques.
- Strong background and understanding of Computer Science, Computer / Network Security, Information Security.
- Strong understanding of Windows/Linux (server/desktop) operating systems, network components such as switches, routers, firewalls.
- In-depth experience with and artifact analysis, registry, event logs, and other log files.
- In-depth knowledge of file systems.
- Strong understanding of Advanced Persistent Threat (APT) actors, cyber criminals, their motivations, skillsets, toolsets, and intent.
- Knowledge / Education / Experience in malicious code, infection vectors and malware types.
- Experience and ability to conduct verbal investigative interviews.
- Experience and understanding of forensic and eDiscovery processes and procedures to include the collection, examination, and analysis of data.
- Experience with writing well-articulated, professional, detailed reports showcasing investigative findings in a cohesive and comprehensive manner to a broad audience.
- Broad knowledge of business processes including business operations, information technology and security.
Education and Experience Preferred
- Graduate degree (US only)
- Cybersecurity or IT certifications (GIAC, CISSP, CEH, CCNA, etc).
- Hands-on work experience with Security Operations Center tools, methods, and procedures.
- 5 – 7 years of experience as a Cyber Investigator for a local, state, or federal law enforcement, military, or intelligence agency and/or 5 – 7 years of experience as a Cyber Investigator with any major global firm.
- Experience with Virtualization and cloud concepts.
- Memory collection and analysis from various platforms.
- Hands-on experience with a DFIR toolset and related scripting.
- Hands-on work experience with Security Operations Center tools (SIEM, SOAR, EDR tools etc.), methods, and procedures.
- Strong Understanding of malware research tools, hex editors, un-packers, virtual machines, network sniffers / packet capture tools and other reverse engineering tools.
- Scripting/programming (Python, PowerShell etc.) knowledge.
- Familiarity with Large Networks, including but not limited to IDS, Proxy, and DNS logs.
- 2nd Language skills
- Proficiency in Microsoft Office products - Word, Excel, Outlook, PowerPoint, & SharePoint for compiling written reports and spreadsheets on an investigation
- Experience representing/testifying in criminal and civil court matters
Knowledge Skills and Abilities Required
- Excellent communication needed for demonstrating case work and obtaining cooperation of other parties
- Good report writing skills to accurately articulate the circumstances and events of the investigation
- Good analytical skills needed to assess evidence, identify relationships, and develop leads in an investigation
- An ability to multi-task, demonstrated attention to detail with ability to manage caseload and produce accurate, concise analytical reports
- Solid judgment and decision-making skills
- Ability to present data, information, or findings
Knowledge Skills and Abilities Preferred
- Expresses ideas or facts in a clear, concise, and open manner
- Excellent time and case management skills
- Actively listens and proactively shares knowledge
- Handles conflict effectively, by overcoming differences of opinion and finding common ground
- Evaluates data and courses of action to reach logical, pragmatic decisions
- Takes an unbiased, rational approach with calculated risks
- Applies innovation and creativity to problem-solving
- Open to change and flexible in a fast-paced environment
- Performance is consistent, even under pressure
- Ability to brief management and others on an investigative case or findings
- Always pursues continuous improvements
- Effectively adapts own approach to suit changing circumstances or requirements.
- Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first
- Develops and implements sustainable strategies on how to perform their role, with an eye on improvement based on changes needed or refinement of approach
- 2nd language skills
Flexibility to work on call off hours/weekends during critical project phases, if necessary
Job Family Group:Corporate Services
Time Type:Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the EEO Policy Statement.
View the Pay Transparency Posting
Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Join our team
strong diverse employees
Socially minded employees volunteering in communities across 90 countries
Meaningful career opportunities thanks to a physical presence in over 95 markets
We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than half way.
You have no saved jobs
Previously Viewed Jobs
You have no viewed jobs