SOC Incident Responder

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our **Enterprise Operations & Technology** teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as an end-to-end program - one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

**Responsibilities**

Related activities include but are not limited to:

- Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments.
- Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
- Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.
- Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
- Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents.
- Document and present investigative findings for high profile events and other incidents of interest.
- Participate in readiness exercises such as purple team, table tops, etc.
- Train junior colleagues on relevant best practices.

**Qualifications**:

- Stay current with the evolving landscape of threat activities and cybersecurity best practices.
- Quickly synthesize information from disparate sources.
- Scrutinize evidence thoroughly to identify relationships and develop leads.
- Establish defensible working theories to explain observations and findings.
- Perform investigations in a forensically sound manner.

A goal oriented individual contributor. Success will depend on your ability to:

- Stay motivated and work independently with mínimal oversight.
- Adapt to changing requirements in a fast paced environment.
- Multitask and meet deadlines despite competing priorities.
- Navigate operational impediments in order to complete time sensitive tasks.
- Identify and document any opportunities for process improvement.

A reliable team player. Success will depend on your ability to:

- Practice mutual respect at all times.
- Establish trust and build strong partnerships.
- Resolve conflict in a constructive manner and use as an opportunity to develop team unity.
- Prioritize collective success ahead of individual ambition.

A great communicator. Success will depend on your ability to:

- Establish clear narratives to describe investigative findings and working theories.
- Clearly and concisely articulate any recommendations that arise from investigative activities.
- Motivate colleagues and partners to cooperate and support as needed.
- Exert influence both verbally and in writing.

A passionate leader. Success will depend on your ability to:

- Lead by example.
- Enable team success by being approachable and available.
- Innovate and inspire others.
- Embrace challenges and approach any failures as opportunities for learning and improvement.

**Requirements and Critical Competencies-**

**Education, knowledge, and Experien