Citigroup Inc
Security Operations Center Incident Responder, VP
Citigroup Inc, Irving, Texas, United States, 75084
Security Operations Center Incident Responder, VP
Discover your future at Citi. Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. We manage information security as an end-to-end program one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally. We are seeking a Security Operations Center Incident Responder. Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect. Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together. Required Qualifications: Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. 5+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability. 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components. Experience in Cloud Forensics/IR: Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services Prior experience with cloud common services Hands-on experience with forensic investigations or large scale incident response in cloud environments. Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics. Certifications (e.g. GIAC, AWS, etc) in cloud or demonstrated equivalent capability. Experience in Incident Response: Hands-on experience with analyzing and pivoting through large data sets Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.). Activities include but not limited to: Memory collection and analysis from various platforms Evidence preservation, following industry best practices. Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking) In-depth File system knowledge and analysis. In-depth experience with timeline analysis. In-depth experience with Registry, event, and other log file and artifact analysis. Hands-on experience with a DFIR toolset and related scripting Current expertise with an EDR system One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications. Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge. Experience in Basic Scripting and Automation: Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.). Citi's Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response practitioner to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in cloud, traditional (i.e. on-premises), and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same. Responsibilities: Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments. Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs). Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models. Work with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud), servers, workstations, middleware, applications, databases, logs, etc. Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place. Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents. Document and present investigative findings for high profile events and other incidents of interest. Participate in readiness exercises such as purple team, table tops, etc. Train junior colleagues on relevant best practices. Network Concepts and Understanding: Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. Other: Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.) Working knowledge of virtualization products (e.g. VMware Workstation) Must have flexibility to work outside of normal business hours when necessary. Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience. Job Family Group: Technology Job Family: Information Security Time Type: Full time Primary Location: Irving Texas United States Primary Location Full Time Salary Range: $125,760.00 - $188,640.00 In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire. Most Relevant Skills: Please see the requirements listed above. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Anticipated Posting Close Date: Oct 08, 2025 Citi is an equal opportunity employer, and
Discover your future at Citi. Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. We manage information security as an end-to-end program one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally. We are seeking a Security Operations Center Incident Responder. Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect. Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together. Required Qualifications: Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc. 5+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability. 2+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components. Experience in Cloud Forensics/IR: Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services Prior experience with cloud common services Hands-on experience with forensic investigations or large scale incident response in cloud environments. Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics. Certifications (e.g. GIAC, AWS, etc) in cloud or demonstrated equivalent capability. Experience in Incident Response: Hands-on experience with analyzing and pivoting through large data sets Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.). Activities include but not limited to: Memory collection and analysis from various platforms Evidence preservation, following industry best practices. Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking) In-depth File system knowledge and analysis. In-depth experience with timeline analysis. In-depth experience with Registry, event, and other log file and artifact analysis. Hands-on experience with a DFIR toolset and related scripting Current expertise with an EDR system One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications. Experience in the following operating systems: Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge. Experience in Basic Scripting and Automation: Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.). Citi's Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response practitioner to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to react urgently to security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in cloud, traditional (i.e. on-premises), and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same. Responsibilities: Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments. Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs). Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models. Work with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud), servers, workstations, middleware, applications, databases, logs, etc. Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place. Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents. Document and present investigative findings for high profile events and other incidents of interest. Participate in readiness exercises such as purple team, table tops, etc. Train junior colleagues on relevant best practices. Network Concepts and Understanding: Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. Other: Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.) Working knowledge of virtualization products (e.g. VMware Workstation) Must have flexibility to work outside of normal business hours when necessary. Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience. Job Family Group: Technology Job Family: Information Security Time Type: Full time Primary Location: Irving Texas United States Primary Location Full Time Salary Range: $125,760.00 - $188,640.00 In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire. Most Relevant Skills: Please see the requirements listed above. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Anticipated Posting Close Date: Oct 08, 2025 Citi is an equal opportunity employer, and