Citigroup Inc
Cloud Security Engineer (Incident Response), VP (C13)
Citigroup Inc, Irving, Texas, United States, 75084
About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
The Role:
Citi's
Cloud Incident Response (IR) Team
is looking for a highly skilled and experienced cloud incident response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a critical role with global visibility and responsibility. This candidate will be a technical SME and an ambassador for the Cloud Incident Response team. They will be assigned to Citi's Vulnerability Assessments and Cloud SecOps team and collaborate closely with a talented group of cloud security specialists and incident responders to react urgently to cybersecurity events. The observations and recommendations generated in this role will impact security decisions across the organization and play an important part in maturing Citi's security posture.
Responsibilities
Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud
Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
Take ownership of Cloud incidents and drive them to conclusion while documenting investigation analysis objectively capturing the Who, What, When, Where, Why and How as related to the incident
Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents
Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed
Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud
Actively participate in Threat modelling of new services/capabilities, readiness exercises such as purple team, tabletops, CTF’s etc.
Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities
Qualifications
4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components
Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services
Hands-on experience with analyzing and pivoting through large data sets of logs
Prior experience with common security-focused Cloud services on one or more CSPs, i.e. AWS, GCP, Azure/M365
Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes)
Linux/UNIX OS specifically in command line (CLI) use and basic file system knowledge
Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation etc.)
Strong working knowledge of Networking Protocols and Cloud Infrastructure Designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
Must have flexibility to work outside of normal business hours when necessary
Education
Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
1 of more of the following Certifications is highly preferred:
AWS Certified Solutions Architect - Professional
AWS Certified Security - Specialty
GCP Professional Architect
GCP Professional Cloud Security Engineer
Certified Kubernetes Security Specialist
SC-400 Information Protection and Compliance Administrator Associate
SC-200 Security Operations Analyst Associate
AZ-500 Azure Security Engineer Associate
MS-500 Microsoft 365 Certified: Security Administrator Associate
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group:
Technology
Job Family:
Information Security
Time Type:
Full time
Primary Location:
Irving Texas United States
Primary Location Full Time Salary Range:
$125,760.00 - $188,640.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
Anticipated Posting Close Date:
Dec 31, 2024
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review
Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)
.
View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf) .
View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
The Role:
Citi's
Cloud Incident Response (IR) Team
is looking for a highly skilled and experienced cloud incident response practitioner to support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a critical role with global visibility and responsibility. This candidate will be a technical SME and an ambassador for the Cloud Incident Response team. They will be assigned to Citi's Vulnerability Assessments and Cloud SecOps team and collaborate closely with a talented group of cloud security specialists and incident responders to react urgently to cybersecurity events. The observations and recommendations generated in this role will impact security decisions across the organization and play an important part in maturing Citi's security posture.
Responsibilities
Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud
Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
Take ownership of Cloud incidents and drive them to conclusion while documenting investigation analysis objectively capturing the Who, What, When, Where, Why and How as related to the incident
Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents
Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed
Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud
Actively participate in Threat modelling of new services/capabilities, readiness exercises such as purple team, tabletops, CTF’s etc.
Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities
Qualifications
4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components
Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services
Hands-on experience with analyzing and pivoting through large data sets of logs
Prior experience with common security-focused Cloud services on one or more CSPs, i.e. AWS, GCP, Azure/M365
Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes)
Linux/UNIX OS specifically in command line (CLI) use and basic file system knowledge
Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation etc.)
Strong working knowledge of Networking Protocols and Cloud Infrastructure Designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
Must have flexibility to work outside of normal business hours when necessary
Education
Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
1 of more of the following Certifications is highly preferred:
AWS Certified Solutions Architect - Professional
AWS Certified Security - Specialty
GCP Professional Architect
GCP Professional Cloud Security Engineer
Certified Kubernetes Security Specialist
SC-400 Information Protection and Compliance Administrator Associate
SC-200 Security Operations Analyst Associate
AZ-500 Azure Security Engineer Associate
MS-500 Microsoft 365 Certified: Security Administrator Associate
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group:
Technology
Job Family:
Information Security
Time Type:
Full time
Primary Location:
Irving Texas United States
Primary Location Full Time Salary Range:
$125,760.00 - $188,640.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
Anticipated Posting Close Date:
Dec 31, 2024
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review
Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)
.
View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf) .
View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.