Citi Group SOC Insider Threat Analyst Lead VP C13 

United States, Texas, Irving 

777742411

The Role:

The SOC Insider Threat Analyst Lead is an integral part of Citi's Cybersecurity Services as part of our Global Security Operations Center. The role will be part of the Global SOC. The SOC is responsible for monitoring, analyzing, and responding to cybersecurity and infrastructure threats on a 24x7 basis.

Responsibilities

• Strong hands-on experience in security incident response and/or insider threat
• Design queries, visualizations, use cases and reports leveraging Splunk
• Evaluate controls to help mitigate negative outcomes through prevention, detection, and correction
• Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups
• Identifies the risks of negative outcomes including inadvertent error or fraud
• Ensures ongoing compliance with regulatory requirements
• Recommend and review new use cases for insider threat monitoring
• Support the development and enhancement of SOC incident response capabilities
• Execute daily ad hoc tasks or lead projects as needed
• Participate in or lead daily and ad-hoc conference calls; Create, update or provide process documentation, or provide requested evidence for compliance & controls requests

Qualifications

• 5+ years' experience working in the Security Operations/SOC field with most or all of the qualifications listed below
• 2+ years' experience working in an Insider Threat capacity
• Strong hands-on experience with monitoring, research, assessment and analysis on alerts from various security technologies including SIEM, DLP (i.e. Symantec, Forcepoint), Endpoint (i.e. Tanium, Crowdstrike) anomaly detection systems, user behavior & entity analytics
• Strong proficiency with intrusion detection and prevention systems, network security products (IDS/IPS, firewalls, etc.) and host security products (HIPS, AV, EDR, etc.)
• Extensive experience using Splunk Enterprise to create queries, visualizations, and other reporting functions to identify anomalous activity
• Proven experience with insider threat investigations, network security, and working with Windows and other OS (i.e. Linux/Unix)
• Experience with scripting in Python is a big plus
• Experience with proxy devices (i.e. ArcSight, Arbor PeakFlow, Palo Alto Networks, etc.) is a big plus
• Passion for learning and collaborating with others
• Detail oriented and accustomed to working in high pressure environments
• Exposure to penetration testing is a plus

Education

• Bachelor’s degree or higher in Computer Science/Cybersecurity or equivalent work experience
• Certifications from EC-Council, GIAC, or (ISC)² are preferred (i.e. CISSP, C|EH, GCIA, CCNA) or must be willing to attain within first year of employment

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the