Skip to main content

Cloud Incident Responder (Vice President)

Job Req Id:

26963020

Location(s):

Singapore, Singapore, Singapore

Job Type:

On-Site/Resident

Posted:

May. 20, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

At Citi, we get to connect millions of people across hundreds of cities and countries every day.  And we've been doing it for more than 200 years.  We do this through our unparalleled global network.  We provide a broad range of financial services and products to our clients – whether they be consumers, corporations, governments or institutions – to help them meet their biggest opportunities and face the world's toughest challenges.

Citi's Cloud Incident Response (Cloud IR) team is seeking an expertCloud Incident Responder (VP)to take a leading role in strategically managing and responding to security incidents across our vast and dynamic technology landscape. You will be at the forefront of protecting Citi's critical assets, including our multi-cloud environments onAWSandGCP, and vital data platforms likeSnowflakeandDatabricks. Your leadership will be crucial in safeguarding the integrity of our services and the trillions of dollars that flow through our network daily.

In this role, you will work with global stakeholders to drive the evolution of our security processes, procedures, and cutting-edge tools. You will ensure the firm is prepared to meet the most critical security challenges in an evolving cloud ecosystem.

Responsibilities:

As a Cloud Incident Responder, you will perform a full range of incident response functions, including but not limited to:

  • Lead and Build Response Automation:Architect, refine, and champion the development of cutting-edge incident response playbooks and automation capabilities, with a primary focus on enhancing our response mechanisms forDatabricksandSnowflake.

  • Conduct In-Depth Investigations:Perform detailed, cloud-focused investigations by analyzing logs and telemetry from Cloud Service Providers (AWS, GCP), data platforms (Snowflake, Databricks), and enterprise SaaS applications (M365).

  • Orchestrate Forensic Analysis:Coordinate the execution of automated workflows to gather critical forensic artifacts (memory, disk, cloud resource configurations) for in-depth analysis.

  • Implement Cloud-Native Containment:Oversee the use of cloud-native automation to execute decisive containment actions across compromised environments, including sensitive data platforms.

  • Proactive Threat Hunting:Conduct advanced host-based and cloud-native analysis (digital forensics, metadata analysis) to proactively uncover Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).

  • Strategic Collaboration:Engage with application, infrastructure, and business stakeholders to identify key information sources and influence security architecture decisions.

  • Meticulous Documentation:Ensure detailed and actionable documentation for every incident, capturing the Who, What, When, Where, Why, and How to drive continuous improvement.

  • Threat Modeling:Actively participate in threat modeling exercises for new services and capabilities, including purple team, tabletop, and CTF exercises.

Required Qualifications & Experience

  • 6-10 years of relevant experience in Cloud Security, Cybersecurity, and/or Incident Response.

  • Demonstrated hands-on security expertise in major cloud platforms such asAWSandGCP.

  • Proven experience with security constructs and incident response within SaaS/PaaS offerings and data platforms likeSnowflakeandDatabricks.

  • Strong problem-solving capabilities with an in-depth understanding of security incident response processes and proven analytical skills to tackle complex security challenges.

  • Experience with log aggregation and security analytics tools (e.g., Splunk, Sentinel, Chronicle).

  • Excellent technical documentation and communication skills.

  • Ability to operate independently with minimal oversight while dealing with complex technical analysis.

Highly Preferred Qualifications

  • Deep expertise in Databricks and Snowflake security, including hands-on experience in monitoring, threat detection, building response playbooks, and automation.

  • Security-specific certificationsrelated to Databricks, Snowflake, or other major cloud platforms (e.g., AWS Certified Security - Specialty, Google Professional Cloud Security Engineer).

  • Hands-on experience with cloud-native security posture and tooling platforms (e.g., Wiz, Aquasec, AppOmni) is a strong advantage.

Education

  • Bachelor's degree/University degree or equivalent experience is required.

  • A Master's degree in a related field is preferred.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.

A man walks his dog, enjoying a well-earned break from work.

Global Benefits

Discover the top benefits offered to our global workforce, designed to support your well-being, growth and work-life balance. Explore a few of the highlights that make working with us rewarding.

Learn About Global Benefits

A woman enjoying work-life balance with her family

Explore More Jobs

  • Early Career Talent Network

    Sign up to receive personalized job matches based on your skills and interests. We'll help you discover opportunities that align with your goals.

    Join Early Career Network

  • 4 people standing on a staircase

    Career Professionals Talent Network

    Sign up to receive tailored job matches based on your skills and experience. Discover opportunities that align with your ambitions.

    Join Career Professionals Network