Cloud Incident Responder (Vice President)
Job Req Id: 26963020
Location(s): Singapore, Singapore, Singapore
Job Type: On-Site/Resident
Posted: May. 20, 2026
Discover your future at Citi
Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.
Job Overview
Citi's Cloud Incident Response (Cloud IR) team is seeking an expert Cloud Incident Responder (VP) to take a leading role in strategically managing and responding to security incidents across our vast and dynamic technology landscape. You will be at the forefront of protecting Citi's critical assets, including our multi-cloud environments on AWS and GCP, and vital data platforms like Snowflake and Databricks. Your leadership will be crucial in safeguarding the integrity of our services and the trillions of dollars that flow through our network daily.
In this role, you will work with global stakeholders to drive the evolution of our security processes, procedures, and cutting-edge tools. You will ensure the firm is prepared to meet the most critical security challenges in an evolving cloud ecosystem.
Responsibilities:
As a Cloud Incident Responder, you will perform a full range of incident response functions, including but not limited to:
Lead and Build Response Automation: Architect, refine, and champion the development of cutting-edge incident response playbooks and automation capabilities, with a primary focus on enhancing our response mechanisms for Databricks and Snowflake.
Conduct In-Depth Investigations: Perform detailed, cloud-focused investigations by analyzing logs and telemetry from Cloud Service Providers (AWS, GCP), data platforms (Snowflake, Databricks), and enterprise SaaS applications (M365).
Orchestrate Forensic Analysis: Coordinate the execution of automated workflows to gather critical forensic artifacts (memory, disk, cloud resource configurations) for in-depth analysis.
Implement Cloud-Native Containment: Oversee the use of cloud-native automation to execute decisive containment actions across compromised environments, including sensitive data platforms.
Proactive Threat Hunting: Conduct advanced host-based and cloud-native analysis (digital forensics, metadata analysis) to proactively uncover Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
Strategic Collaboration: Engage with application, infrastructure, and business stakeholders to identify key information sources and influence security architecture decisions.
Meticulous Documentation: Ensure detailed and actionable documentation for every incident, capturing the Who, What, When, Where, Why, and How to drive continuous improvement.
Threat Modeling: Actively participate in threat modeling exercises for new services and capabilities, including purple team, tabletop, and CTF exercises.
Required Qualifications & Experience
6-10 years of relevant experience in Cloud Security, Cybersecurity, and/or Incident Response.
Demonstrated hands-on security expertise in major cloud platforms such as AWS and GCP.
Proven experience with security constructs and incident response within SaaS/PaaS offerings and data platforms like Snowflake and Databricks.
Strong problem-solving capabilities with an in-depth understanding of security incident response processes and proven analytical skills to tackle complex security challenges.
Experience with log aggregation and security analytics tools (e.g., Splunk, Sentinel, Chronicle).
Excellent technical documentation and communication skills.
Ability to operate independently with minimal oversight while dealing with complex technical analysis.
Highly Preferred Qualifications
Deep expertise in Databricks and Snowflake security, including hands-on experience in monitoring, threat detection, building response playbooks, and automation.
Security-specific certifications related to Databricks, Snowflake, or other major cloud platforms (e.g., AWS Certified Security - Specialty, Google Professional Cloud Security Engineer).
Hands-on experience with cloud-native security posture and tooling platforms (e.g., Wiz, Aquasec, AppOmni) is a strong advantage.
Education
Bachelor's degree/University degree or equivalent experience is required.
A Master's degree in a related field is preferred.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Most Relevant Skills: Please see the requirements listed above.
Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.