Responsibilities
- Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud
- Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
- Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
- Take ownership of Cloud incidents and drive them to conclusion, documenting the investigation objectively and capturing the Who, What, When, Where, Why and How of the incident
- Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents
- Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
- Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
- Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed
- Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud
- Actively participate in threat modelling of new services/capabilities and in readiness exercises such as purple team, tabletops, CTFs, etc.
- Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities
Qualifications
- 4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components
- Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services
- Hands-on experience with analyzing and pivoting through large data sets of logs
- Prior experience with common security-focused Cloud services on one or more CSPs (e.g., AWS, GCP, Azure/M365)
- Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes)
- Linux/UNIX experience, specifically command-line (CLI) use and basic file-system knowledge
- Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
- Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation, etc.)
- Strong working knowledge of networking protocols and Cloud infrastructure designs, including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption and load balancing
- Must have flexibility to work outside of normal business hours when necessary
Education
- Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
One or more of the following certifications is highly preferred:
- AWS Certified Solutions Architect - Professional
- AWS Certified Security - Specialty
- GCP Professional Architect
- GCP Professional Cloud Security Engineer
- Certified Kubernetes Security Specialist
- SC-400 Information Protection and Compliance Administrator Associate
- SC-200 Security Operations Analyst Associate
- AZ-500 Azure Security Engineer Associate
- MS-500 Microsoft 365 Certified: Security Administrator Associate
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Information Security | Full time | Irving, Texas, United States | $125,760.00 - $188,640.00
Anticipated Posting Close Date: Nov 20, 2024