Security Operations Center (SOC) Cloud Incident Responder (VP)

Citigroup
Irving, TX 75062

**About Citi:**


Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.


As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do, from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful, to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.


Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.


**SOC Cloud Incident Responder (VP)**


Citi's Security Operations Center (SOC) Cloud Incident Response Team seeks a highly skilled and experienced cloud incident response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the cloud incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of cloud security specialists and cloud incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in Citi's public cloud environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same.


**Responsibilities:**


+ Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud.

+ Perform incident response functions including but not limited to:

  + Detailed cloud-focused investigations by analyzing relevant logs such as CloudTrail, VPC Flow Logs, CloudWatch, etc. based on alerts generated by detective controls and cloud-native services such as GuardDuty.

  + Execution of cloud-native automation to run containment actions on cloud resources based on sources of compromise and/or malicious activities taking place.

  + Execution of automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations.

  + Host-based analytical functions (e.g. digital forensics, metadata, etc.) through investigating cloud-native workloads to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).

+ Develop, document and maintain operationally effective playbooks to deal with cloud-based incidents.

+ Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases, logs, etc.

+ Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.

+ Document and present investigative findings for high profile events and other incidents of interest.

+ Participate in readiness exercises such as purple team, tabletop exercises, etc.

+ Train junior colleagues on relevant best practices.

+ Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices.

+ Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies.

+ Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions.

+ Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures.

+ Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response.

+ Disseminate changes to IS regulations and standards to Business and Program owners.

+ Provide Information Security advice and counsel as needed.

+ Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


**Qualifications:**


+ 5+ years of professional experience in cloud security and/or information security, or demonstrated equivalent capability.

+ 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.

+ Additional technical certifications are preferred.

+ Demonstrated ability to research and apply current information regarding the IS field.

+ Consistently demonstrates clear and concise written and verbal communication.

+ Proven influencing and relationship management skills.

+ Proven analytical skills.


**Experience in Cloud Forensics/IR**


+ Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services.

+ Hands-on experience with analyzing and pivoting through large data sets.

+ Prior experience with common security-focused cloud services on Amazon Web Services and Google Cloud Platform.

+ Hands-on experience with cyber security, forensic investigations or large scale incident response in cloud environments.

+ Experience with container orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g. Docker, Kubernetes).

+ Relevant cloud certifications, such as the following, are desired:

  + AWS Solutions Architect - Professional.

  + AWS Security Specialty.

  + GCP Professional Architect.

  + GCP Professional Cloud Security Engineer.

  + Certified Kubernetes Security Specialist.


**Experience in the following:**


+ Windows and UNIX operating systems, specifically command-line use and basic file-system knowledge.

+ Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.).


**Experience in Basic Scripting and Automation**


+ Proficient in basic scripting (SSM Automation, CloudFormation, etc.) and automation of tasks (e.g. PowerShell, Python, bash, etc.).


**Network Concepts and Understanding**


+ Working knowledge of networking protocols and cloud infrastructure designs, including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.


**Other**


+ Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience.


+ Must have flexibility to work outside of normal business hours when necessary.


**Education:**


+ Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. or equivalent experience.

+ Master's degree preferred.


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.


-------------------------------------------------


**Job Family Group:**


Technology

-------------------------------------------------


**Job Family:**


Information Security

------------------------------------------------------


**Time Type:**


Full time

------------------------------------------------------


Citi is an equal opportunity and affirmative action employer.


Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)**.


View the "EEO is the Law" poster (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf). View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf).


View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf).


View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf).


-----------------------------


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.

Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Posted: 2022-06-01 Expires: 2022-08-31