Citi Group Lead Cyber Threat Intelligence Analyst VP C13 

United States, New York, New York 

875434289

Responsibilities

• Actively monitor and research cyber threats with a direct or indirect impact to Citi and examine associated tools, techniques, and procedures (TTP) to reconstruct attacker workflows
• Produce high quality, timely, and actionable alerts that drive decision making across the firm
• Analyze Indicators of Compromise (IOCs) and conduct pivots via paid and open-source tooling
• Map threats to the MITRE ATT&CK framework and communicate effective mitigation procedures where appropriate
• Expand research and information scope using common enrichment platforms including creating YARA rules for indicator pivoting and hunting
• Produce actionable cyber threat intelligence products using a variety of internal and external sources that describe trends and shifts in the cyber threat landscape
• Evaluates tools, services, and processes to enhance the team’s threat analysis capability
• Support Cyber Intelligence Center (CIC) requests, investigations, and collaboration with global Citi CIC, Citi Fusion Center, SOC, and VA staff members in a Follow-the-Sun model
• Regularly provide intelligence briefs to technical, non-technical, and executive-level stakeholders

Qualifications

• 5+ years' experience working in Cyber Threat Intelligence is required
• Hands-on experience with and advanced knowledge of the Threat Intelligence Lifecycle, the MITRE ATT&CK framework, and Cyber Threat Actor capabilities, motivations, and tool sets to assess risk
• Ability to discern patterns of threat actor behavior at the technical level
• 3+ years' experience performing technical analysis including but not limited to threat hunting, malware analysis, forensics, or incident response is highly preferred
• Strong technical proficiency in the use of tools, techniques, and countermeasures
• Experience analyzing information derived from threat intelligence vendors and platforms
• Must have strong written and verbal communication
• Ability to work independently with little oversight in a large, fast-paced and operationally focused environment
• Prior experience in the financial industry is a plus
• Basic knowledge of financial payment systems (e.g., SWIFT) is a plus

Education

• Bachelor’s/University degree or equivalent experience preferably in one of the following areas: Cybersecurity, Information Security, Information Technology, Computer Science, etc.
• Any of these Certifications are highly preferred: CISSP, GIAC’s GREM, GCFA, and/or GCTI

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the