Citi Group Info Sec Tech Lead Analyst - C13 IRVING Hybrid 

United States, Texas, Irving 

683347568

Citi'sSecurity Operations Center (SOC) Incident ResponseTeam seeks a highly skilled and experiencedincident response practitionerto support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to react urgently tosecurity events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture.

As an individual contributor, you will be a hands-onfirst responder who triages and investigates cybersecurity incidents incloud,, and hybrid environments.One guarantee is that no two days will be the same.

Related activities include but are not limited to:

• Lead and/or support in-depth triage and investigations of urgent cyber incidents incloud, traditional, and hybrid environments.
• Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
• Create and track metrics based on the MITRE ATT&CK Framework and otherstandard security-focusedmodels.
• Work withapplication and infrastructure stakeholdersto identify key components and information sources such as environments (on-premisesversus cloud), servers, workstations, middleware, applications, databases,logs, etc.
• Participate in incident response efforts usingforensicand other custom tools to identify any sources of compromise and/or malicious activities taking place.
• Collaborate with global multidisciplinary groups for triaging and defining the scope oflarge scaleincidents.
• Document andpresent investigative findings for high profile events and other incidents of interest.
• Participate in readiness exercises such as purple team, table tops, etc.
• Trainjunior colleagues on relevant best practices.

You should be all of the following:

A skilled and creativeincident responder.Success will depend on your ability to:

• Stay current with the evolving landscape of threat activities and cybersecurity best practices.
• Quickly synthesize information from disparate sources.
• Scrutinize evidence thoroughly to identify relationships and develop leads.
• Establish defensible working theories to explain observations and findings.
• Perform investigations in a forensically sound manner.

A goal oriented individual contributor. Success will depend on your ability to:

• Stay motivated and work independently with minimal oversight.
• Adapt to changing requirements in a fast paced environment.
• Multitask and meet deadlines despite competing priorities.
• Navigate operational impediments in order to complete time sensitive tasks.
• Identify and document any opportunities for process improvement.

. Success will depend on your ability to:

• Practice mutual respect at all times.
• Establish trust and build strong partnerships.
• Resolve conflict in a constructive manner and use as an opportunity to develop team unity.
• Prioritize collective success ahead of individual ambition.

A great communicator. Success will depend on your ability to:

• Establish clear narratives to describe investigative findings and working theories.
• Clearly and concisely articulate any recommendations that arise from investigative activities.
• Motivate colleagues and partners to cooperate and support as needed.
• Exert influence both verbally and in writing.

A passionate leader. Success will depend on your ability to:

• Lead by example.
• Enable team success by being approachable and available.
• Innovate and inspire others.
• Embrace challenges and approach any failures as opportunities for learning and improvement.

Education, knowledge, and Experience:

• Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
• 5+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
• 2+ years hands-on working incyber incident response and investigations in medium to large organizations with cloud and forensics components.

Incident Response

• Hands-on experience with analyzing and pivoting through large data sets
• Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.).
  • Activities include but not limited to:
    • Memory collection and analysis from various platforms
    • Evidencepreservation, following industry best practices.
    • Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
    • In-depth File system knowledge and analysis.
    • In-depth experience with timeline analysis.
    • In-depth experience with Registry, event, and other log file and artifact analysis.
• Hands-on experience with a DFIR toolset and related scripting
• Current expertise with an EDR system
• One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications.

Experience in the following operating systems:

• Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge.

Experience in Basic Scripting and Automation

• Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.).

Network Concepts and Understanding

• Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.

Other

• Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
• Working knowledge of virtualization products (e.g. VMware Workstation)
• Must have flexibility to work outside of normal business hours when necessary.
• Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided theydemonstrate sufficientskill and experience.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the