Hobbsnews
Security Operation Center - Incident Response Engineer (SVP)
Hobbsnews, Irving, Texas, United States, 75084
Overview
Citi’s Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response hands-on practitioner to support and execute critical efforts aimed at protecting Citi infrastructure, assets, clients, and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to triage and contain security events. Your observations and recommendations will impact security decisions across the organization and play an important part in maturing Citi's security posture. This position requires strong leadership, active in-depth hands-on technical expertise, and prior experience in global cyber incident response operations within a SOC. As a Senior Vice President, you will assist a group of incident response professionals who triage and investigate cybersecurity incidents in cloud, traditional (on-premises), and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. We are looking for a Sr. Cyber Incident Responder (SVP). The ideal candidate will be a technically experienced hands-on individual contributor and innovative security professional who has the ability and experience to lead a team of security professionals and execute broad security goals within a global team. Candidates should be experienced in coaching junior team members. Responsibilities
Lead and/or support in-depth triage and investigations of BAU, and urgent cyber incidents in traditional, and hybrid environments. Perform hands-on incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs). Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place. Serve as the SOC incident response regional contact in major cyber events and security incidents, collaborating with global multidisciplinary groups to triage and define scope, and documenting and presenting investigative findings. Provide security expertise to the SOC IR team, leveraging industry standards as appropriate. Train and coach junior colleagues on relevant best practices. Partner with SOC Incident Response management on all program governance activities, including the development and/or maintenance of standards, procedures, metrics, reporting and training. Collaborate with other incident response functions such as Citi Security Investigative Services (CSIS) and Security Incident Management (SIM). Oversee and participate in the hands-on execution of SOC IR processes. Identify and measure critical metrics and continually improve the efficiency and effectiveness of all core services in scope. Provide appropriate updates to management regarding security event handling, trends, analysis, incident response resolutions and lessons learned. Participate in readiness exercises such as purple team, tabletop, etc. Qualifications
Bachelor’s and master’s degree in a technically rigorous domain such as Computer Science, Information Security/Technology, Engineering, Digital Forensics, etc. 10+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability. 8+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components. Incident response and hands-on technical experience in a global financial institution. Experience with performing and managing tasks of 24x7 Incident Response services. Experience with creation, leading the development, implementation, and management of incident response plans and response activities. Proven leadership, communication, issue resolution and performance management skills. Lead by example. Enable team success by being approachable and available. Innovate and inspire others. Embrace challenges and approach any failures as opportunities for learning and improvement. Experience in Incident Response Hands-on experience with interpreting and pivoting through large data sets. Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.). Activities include but not limited to: Memory collection and analysis from various platforms Evidence preservation, and chain of custody following industry best practices. Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking) In-depth File system knowledge and understanding. In-depth experience with timeline analysis. In-depth experience with Registry, event, and other log file and artifact analysis. Hands-on experience with a DFIR toolset and related scripting Current expertise with an EDR system More than one GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications. Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge. Experience in Basic Scripting and Automation Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.). Network Concepts and Understanding Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. Other EEO statements and benefits information are provided for context and compliance purposes as part of Citi’s career postings and internal guidelines. This summary is not intended to modify or replace any legal disclosures; for full details, refer to Citi benefits information and EEO policy statements within the posting.
#J-18808-Ljbffr
Citi’s Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response hands-on practitioner to support and execute critical efforts aimed at protecting Citi infrastructure, assets, clients, and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to triage and contain security events. Your observations and recommendations will impact security decisions across the organization and play an important part in maturing Citi's security posture. This position requires strong leadership, active in-depth hands-on technical expertise, and prior experience in global cyber incident response operations within a SOC. As a Senior Vice President, you will assist a group of incident response professionals who triage and investigate cybersecurity incidents in cloud, traditional (on-premises), and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. We are looking for a Sr. Cyber Incident Responder (SVP). The ideal candidate will be a technically experienced hands-on individual contributor and innovative security professional who has the ability and experience to lead a team of security professionals and execute broad security goals within a global team. Candidates should be experienced in coaching junior team members. Responsibilities
Lead and/or support in-depth triage and investigations of BAU, and urgent cyber incidents in traditional, and hybrid environments. Perform hands-on incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs). Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place. Serve as the SOC incident response regional contact in major cyber events and security incidents, collaborating with global multidisciplinary groups to triage and define scope, and documenting and presenting investigative findings. Provide security expertise to the SOC IR team, leveraging industry standards as appropriate. Train and coach junior colleagues on relevant best practices. Partner with SOC Incident Response management on all program governance activities, including the development and/or maintenance of standards, procedures, metrics, reporting and training. Collaborate with other incident response functions such as Citi Security Investigative Services (CSIS) and Security Incident Management (SIM). Oversee and participate in the hands-on execution of SOC IR processes. Identify and measure critical metrics and continually improve the efficiency and effectiveness of all core services in scope. Provide appropriate updates to management regarding security event handling, trends, analysis, incident response resolutions and lessons learned. Participate in readiness exercises such as purple team, tabletop, etc. Qualifications
Bachelor’s and master’s degree in a technically rigorous domain such as Computer Science, Information Security/Technology, Engineering, Digital Forensics, etc. 10+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability. 8+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components. Incident response and hands-on technical experience in a global financial institution. Experience with performing and managing tasks of 24x7 Incident Response services. Experience with creation, leading the development, implementation, and management of incident response plans and response activities. Proven leadership, communication, issue resolution and performance management skills. Lead by example. Enable team success by being approachable and available. Innovate and inspire others. Embrace challenges and approach any failures as opportunities for learning and improvement. Experience in Incident Response Hands-on experience with interpreting and pivoting through large data sets. Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.). Activities include but not limited to: Memory collection and analysis from various platforms Evidence preservation, and chain of custody following industry best practices. Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking) In-depth File system knowledge and understanding. In-depth experience with timeline analysis. In-depth experience with Registry, event, and other log file and artifact analysis. Hands-on experience with a DFIR toolset and related scripting Current expertise with an EDR system More than one GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications. Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge. Experience in Basic Scripting and Automation Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.). Network Concepts and Understanding Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. Other EEO statements and benefits information are provided for context and compliance purposes as part of Citi’s career postings and internal guidelines. This summary is not intended to modify or replace any legal disclosures; for full details, refer to Citi benefits information and EEO policy statements within the posting.
#J-18808-Ljbffr