Citi

M365 Incident Responder, VP

Citi, Irving, Texas, United States, 75084

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests.

Our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services. Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride.

Citi's Security Operations Center (SOC) Cloud Incident Response Team seeks a highly skilled and experienced M365 Incident Response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients, and stakeholders. This is a demanding role with global exposure and responsibility.

Responsibilities

- Act as a subject matter expert on incident response for Entra ID and M365 set of services
- Collaborate across teams to develop capabilities that support incident response and forensic analysis of M365 incidents
- Design, implement, and participate in the incident response processes specific to Entra ID and M365 deployments
- Develop, document, and maintain operationally effective playbooks to deal with cloud-based incidents
- Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents
- Document and present investigative findings for high-profile events and other incidents of interest
- Participate in readiness exercises such as purple team, table tops, etc.
- Train junior colleagues on relevant best practices
- Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
- Provide Information Security advice and counsel as needed
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients, and assets

Qualifications

- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Strong understanding of security incident response processes, excellent technical documentation skills, and proven analytical skills
- Knowledge of the tools and processes to provide operational security support to the Microsoft 365 (M365) ecosystem
- Advanced proficiency with Microsoft 365 services and their security configurations
- Hands-on experience with M365 including configuration, analysis, and pivoting through large data sets and security best practices
- Experience with Identity and Access Management and M365 services: OneDrive, Teams, SharePoint, Exchange Online, etc.
- Proficient with Azure/M365 tenant capabilities and roles that support incident response/forensic analysis
- Experience with various log aggregation/data analytics tools, such as Splunk, Elasticsearch, etc.
- Industry-accredited certifications will be required

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.