SOC Incident Responder

2 months ago

Singapore Citi Full time
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi's and our clients' assets and information. We manage information security as an end-to-end program - one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together

SOC Incident Responder (AVP)

Citi's Security Operations Center (SOC) Incident Response Team seeks a highly skilled and experienced incident response practitioner to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the incident response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of security specialists and incident responders to react urgently to security events . Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture.

As an individual contributor, you will be a hands-on first responder who triages and investigates cybersecurity incidents in cloud, traditional (i.e. on-premises) , and hybrid environments. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture. One guarantee is that no two days will be the same.

Responsibilities

Related activities include but are not limited to:
  • Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments.
  • Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
  • Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.
  • Work with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud) , servers, workstations, middleware, applications, databases , logs, etc.
  • Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
  • Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.
  • Document and present investigative findings for high profile events and other incidents of interest .
  • Participate in readiness exercises such as purple team, table tops, etc .
  • Train junior colleagues on relevant best practices .
Qualifications:

A skilled and creative incident responder . Success will depend on your ability to:
  • Stay current with the evolving landscape of threat activities and cybersecurity best practices.
  • Quickly synthesize information from disparate sources.
  • Scrutinize evidence thoroughly to identify relationships and develop leads.
  • Establish defensible working theories to explain observations and findings.
  • Perform investigations in a forensically sound manner.
A goal oriented individual contributor . Success will depend on your ability to:
  • Stay motivated and work independently with minimal oversight.
  • Adapt to changing requirements in a fast paced environment.
  • Multitask and meet deadlines despite competing priorities.
  • Navigate operational impediments in order to complete time sensitive tasks.
  • Identify and document any opportunities for process improvement.
A reliable team player . Success will depend on your ability to:
  • Practice mutual respect at all times.
  • Establish trust and build strong partnerships.
  • Resolve conflict in a constructive manner and use as an opportunity to develop team unity.
  • Prioritize collective success ahead of individual ambition.
A great communicator. Success will depend on your ability to:
  • Establish clear narratives to describe investigative findings and working theories.
  • Clearly and concisely articulate any recommendations that arise from investigative activities.
  • Motivate colleagues and partners to cooperate and support as needed.
  • Exert influence both verbally and in writing.
A passionate leader. Success will depend on your ability to:
  • Lead by example.
  • Enable team success by being approachable and available.
  • Innovate and inspire others.
  • Embrace challenges and approach any failures as opportunities for learning and improvement .
Requirements and Critical Competencies-

Education, knowledge, and Experience:
  • Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
  • 3+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
  • 1+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.
Experience in Cloud Forensics/IR:
  • Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services
  • Prior experience with cloud common services
  • Hands-on experience with forensic investigations or large scale incident response in cloud environments.
  • Hands-on experience with containerization methods and tools (e.g. Docker, Kubernetes) including incident response and digital forensics .
  • Certifications (e.g. GIAC, AWS, etc) in cloud or demonstrated equivalent capability.
Experience in Incident Response:
  • Hands-on experience with analyzing and pivoting through large data sets
  • Current hands-on experience in digital forensics (e.g. computer, network, mobile device forensics, and forensic data analysis, etc.).
    • Activities include but not limited to:
      • Memory collection and analysis from various platforms
      • Evidence preservation, following industry best practices .
      • Familiarity with malware analysis and Reverse Engineering of samples (e.g. static, dynamic, de-obfuscation, unpacking)
      • In-depth File system knowledge and analysis.
      • In-depth experience with timeline analysis.
      • In-depth experience with Registry, event, and other log file and artifact analysis.
  • Hands-on experience with a DFIR toolset and related scripting
  • Current expertise with an EDR system
  • One or more GIAC (e.g. GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications.
Experience in the following operating systems:
  • Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge.
Experience in Basic Scripting and Automation
  • Proficient in basic scripting and automation of tasks (e.g. C/C++, Powershell, JavaScript, Python, bash, etc.).
Network Concepts and Understanding
  • Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
Other
  • Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
  • Working knowledge of virtualization products (e.g. VMware Workstation)
  • Must have flexibility to work outside of normal business hours when necessary.
  • Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience.
------------------------------------------------------

Job Family Group:
Technology
------------------------------------------------------

Job Family:
Information Security
------------------------------------------------------

Time Type:
Full time
------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting

  • SOC Analyst

    4 months ago

    Singapore INFINITY CYBERSEC PTE. LTD. Full time

    Roles & ResponsibilitiesJob responsibilities:· Manage and improve SOC systems and infrastructure.· Configure and troubleshoot security infrastructure devices.· Prepare and document standard operating procedures and protocols.· Identify and define system security requirements.· Advise external and internal parties on problems regarding security...

  • SOC Analyst

    3 weeks ago

    Singapore INFINITY CYBERSEC PTE. LTD. Full time

    Roles & ResponsibilitiesJob responsibilities:· Manage and improve SOC systems and infrastructure.· Configure and troubleshoot security infrastructure devices.· Prepare and document standard operating procedures and protocols.· Identify and define system security requirements.· Advise external and internal parties on problems regarding security...

  • SOC Analyst

    2 weeks ago

    Singapore Secur Solutions Group Full time

    NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce...

  • Cyber incident responder

    3 weeks ago

    Singapore UBS Full time

    Your role Are you keen on working in a world-class Cyber Security Operations Center for one of the best Swiss private banks?Do you have related experience and are willing to take it further by learning how to defend an enterprise against cyber-attacks?We are looking for an incident response expert who will: Respond to cyber security incidents covering all...

  • SOC Analyst

    3 weeks ago

    Singapore Singtel Group Full time

    NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce...

  • Cyber Incident Responder

    5 months ago

    Singapore UBS Full time

    Your role Are you keen on working in world class Cyber Security Operations Center for one of the best Swiss private banks? Do you have related experience and are willing to take it further by learning how to defend an enterprise against cyber-attacks? We are looking for an incident response expert who will: • respond to cyber security incidents covering...

  • SOC Analyst

    3 weeks ago

    Singapore Singtel Full time

    Singtel The Singtel Group, Asia's leading communications group provides a diverse range of services including fixed, mobile, data, internet, TV, infocomms technology (ICT) and digital solutions. NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology...

  • Security SOC Operator

    1 month ago

    Singapore SECURITY & RISK SOLUTIONS PTE. LTD. Full time

    Roles & ResponsibilitiesJob Description Safeguarding the clients' local and remote sites, staff, assets and sensitive information. To lead the security operations, monitoring, detecting and responding to incidents promptly and effectively. proactive security and dedication to service to protect the clients' interests.Roles and Responsibilities Operate...

  • Manager, security operations centre

    3 weeks ago

    Singapore Adventus Full time

    Manager, Security Operations Centre (SOC) Adventus is an Information and Communications Technology (ICT) Solutions and Services Provider based in Singapore with a wide footprint across the globe.We help organizations bring about positive transformation to their businesses by leveraging intelligent applications of innovative solutions and pertinent services...

  • Manager, security operations centre

    1 month ago

    Singapore Adventus Full time

    Responsibilities Lead and manage the SOC team, including recruitment, training, and performance evaluation of security analysts and engineers. Develop and implement SOC policies, procedures, and processes to ensure effective and efficient security operations. Monitor the security landscape and ensure that the SOC team is equipped with the latest threat...

  • Manager, security operations centre

    1 month ago

    Singapore Adventus Pte Ltd Full time

    Adventus is an Information and Communications Technology (ICT) Solutions and Services Provider with a wide footprint across the globe. We help organizations bring about positive transformation to their businesses by leveraging intelligent applications of innovative solutions and pertinent services to remain winners in today's ultra-competitive...

  • Manager, Security Operations Centre

    3 weeks ago

    Singapore ADVENTUS SINGAPORE PTE. LTD. Full time

    Roles & ResponsibilitiesJob Summary:The SOC Manager will oversee the day-to-day operations of the Security Operations Center. This role is responsible for managing and coordinating the monitoring, detection, and response to cybersecurity incidents. The SOC Manager will lead a team of cybersecurity analysts and engineers, ensuring that all security incidents...

  • Manager, Security Operations Centre

    1 month ago

    Singapore ADVENTUS SINGAPORE PTE. LTD. Full time

    Roles & ResponsibilitiesJob Summary:The SOC Manager will oversee the day-to-day operations of the Security Operations Center. This role is responsible for managing and coordinating the monitoring, detection, and response to cybersecurity incidents. The SOC Manager will lead a team of cybersecurity analysts and engineers, ensuring that all security incidents...

  • SOC Analyst

    2 months ago

    Singapore CAREERALLY PTE. LTD. Full time

    Roles & ResponsibilitiesThe SOC Analyst will be responsible for monitoring, detecting, and responding to security threats and incidents in a 24/7 Security Operations Center.Responsibilities: Continuously monitor and analyze system activities and security alerts from SIEM and EDR tools to identify malicious activity. Analyze security events to identify and...

  • Soc manager

    4 days ago

    Singapore Secur Solutions Group Full time

    NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce...

  • Use case specialist

    4 days ago

    Singapore Fortinet, Inc. Full time

    Location: Singapore Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Use Case Specialist (SOC) to contribute...

  • Security Analyst

    3 weeks ago

    Singapore LINKTRIX CONSULTANTS PTE. LTD. Full time

    Roles & ResponsibilitiesThe Security SOC Analystis responsible for monitoring, analyzing, and responding to security incidents in real-time within a Security Operations Center (SOC). This role involves ensuring the security and integrity of the organization's systems by identifying threats, mitigating risks, and collaborating with various teams to address...

  • Security Analyst

    3 weeks ago

    Singapore LINKTRIX CONSULTANTS PTE. LTD. Full time

    Roles & ResponsibilitiesThe Security SOC Analystis responsible for monitoring, analyzing, and responding to security incidents in real-time within a Security Operations Center (SOC). This role involves ensuring the security and integrity of the organization's systems by identifying threats, mitigating risks, and collaborating with various teams to address...

  • Cygnify | Security Operations Center

    2 weeks ago

    Singapore Cygnify Full time

    Security Operations Center (SOC) Analyst - Financial Services Job Title: Security Operations Center (SOC) Analyst - Financial Services About: A leading financial services organisation is seeking a skilled Security Operations Center (SOC) Analyst to join our team in Singapore. Role Overview: As a SOC Analyst, you will be an integral part of our cybersecurity...

  • Soc team lead

    1 month ago

    Singapore ITSEC SERVICES ASIA PTE. LTD. Full time

    Company Description The ITSEC Group is one of the leading cybersecurity groups in the Asia Pacific region, with offices in Singapore, Jakarta, Dubai, Melbourne & Bangkok. We specialize in providing comprehensive cybersecurity solutions to businesses across various industries. With a strong focus on innovation and cutting-edge technologies, we are committed...