Citigroup Inc.

Sr. Cyber Incident Responder (SVP)

Citigroup Inc., Irving, Texas, United States, 75084

About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and operates in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

Job Overview

Position: Sr. Cyber Incident Responder (SVP) – Security Operations Center (SOC) – Citi.

Summary: A highly skilled incident response practitioner who protects Citi’s infrastructure, assets, clients, and stakeholders. The role requires strong leadership, hands‑on technical expertise, and global exposure. The incumbent serves both as a technical subject‑matter expert and as an ambassador for the incident response team.

Responsibilities

Lead and/or support in‑depth triage and investigations of BAU and urgent cyber incidents across traditional, cloud, and hybrid environments.

Perform hands‑on incident response functions, including host‑based analytics (digital forensics, malware analysis, etc.) on Windows, Unix, appliance, and Mac OS X systems to uncover IOCs and TTPs.

Participate in incident response efforts using forensic and custom tools to identify sources of compromise and malicious activity.

Serve as the SOC incident response regional contact for major cyber events and security incidents, collaborating with global multidisciplinary teams to triage, define scope, and document investigative findings.

Provide security expertise to the SOC IR team, leveraging industry standards, and train and coach junior colleagues on best practices.

Partner with SOC Incident Response management on program governance activities, including developing and maintaining standards, procedures, metrics, reporting, and training.

Collaborate with other incident response functions such as Citi Security Investigative Services (CSIS) and Security Incident Management (SIM).

Oversee and participate in the hands‑on execution of SOC IR processes, identify and measure critical metrics, and continually improve service efficiency and effectiveness.

Provide updates to management regarding security event handling, trends, analysis, incident response resolution, and lessons learned.

Participate in readiness exercises such as purple team, tabletop, and others.

Requirements

Bachelor’s and master’s degree in a technically rigorous domain such as Computer Science, Information Security/Technology, Engineering, Digital Forensics, etc.

10+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability.

8+ years hands‑on experience in cyber incident response and investigations in medium to large organizations with cloud and forensics components.

Incident response and hands‑on technical experience in a global financial institution.

Experience with performing and managing tasks of 24x7 Incident Response services.

Experience creating, leading the development of, implementing, and managing incident response plans and activities.

Proven leadership, communication, issue resolution, and performance management skills.

Lead by example.

Enable team success by being approachable and available.

Innovate and inspire others.

Embrace challenges and approach any failures as opportunities for learning and improvement.

Experience in Incident Response

Hands‑on experience with interpreting and pivoting through large data sets.

Current hands‑on experience in digital forensics (computer, network, mobile device forensics, and forensic data analysis).

Current expertise with an EDR system.

Multiple GIAC certifications (e.g., GCFE, GCFA, GREM, GCIH, GASF, GNFA) or other digital forensic and incident response certifications.

Experience in Operating Systems

Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge.

Experience in Basic Scripting and Automation

Proficient in basic scripting and automation of tasks (C/C++, PowerShell, JavaScript, Python, Bash, etc.).

Network Concepts and Understanding

Working knowledge of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.

Benefits

Salary Range: $156,160.00 – $234,240.00.

Benefits include medical, dental & vision coverage; 401(k); life, accident, and disability insurance; wellness programs; paid time off; and paid holidays.

Discretionary and formulaic incentive and retention awards may also be included.

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.
