Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

Citi Group Cloud Security Engineer Incident Response VP C13 
United States, Texas, Houston 
894320576

Yesterday

Responsibilities

  • Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud
  • Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
  • Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
  • Take ownership of Cloud incidents and drive them to conclusion while documenting investigation analysis objectively capturing the Who, What, When, Where, Why and How as related to the incident
  • Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents
  • Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
  • Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
  • Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed
  • Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud
  • Actively participate in Threat modelling of new services/capabilities, readiness exercises such as purple team, tabletops, CTF’s etc.
  • Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities

Qualifications

  • 4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components
  • Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services
  • Hands-on experience with analyzing and pivoting through large data sets of logs
  • Prior experience with common security-focused Cloud services on one or more CSPs, i.e. AWS, GCP, Azure/M365
  • Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes)
  • Linux/UNIX OS specifically in command line (CLI) use and basic file system knowledge
  • Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
  • Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation etc.)
  • Strong working knowledge of Networking Protocols and Cloud Infrastructure Designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
  • Must have flexibility to work outside of normal business hours when necessary

Education

  • Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.

1 of more of the following Certifications is highly preferred:

  • AWS Certified Solutions Architect - Professional
  • AWS Certified Security - Specialty
  • GCP Professional Architect
  • GCP Professional Cloud Security Engineer
  • Certified Kubernetes Security Specialist
  • SC-400 Information Protection and Compliance Administrator Associate
  • SC-200 Security Operations Analyst Associate
  • AZ-500 Azure Security Engineer Associate
  • MS-500 Microsoft 365 Certified: Security Administrator Associate

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Information Security

Full timeIrving Texas United States$125,760.00 - $188,640.00



Anticipated Posting Close Date:

Dec 03, 2024

View the " " poster. View the .

View the .

View the