25860654 VP - Cloud Security Incident Responder

CITIBANK N.A.

Singapore

On-site

SGD 120,000 - 180,000

Full time

6 days ago

Job summary

Citi is seeking a VP of Cloud Security Incident Response in Singapore. This role is pivotal in managing cloud security incidents and requires strong expertise in cloud security tools, incident response, and stakeholder collaboration. As part of a global team, you will have opportunities for professional growth and impact within the organization.

Qualifications

  • Strong technical expertise in cloud security tools required.
  • Exceptional communication and presentation skills needed.
  • Demonstrable experience with incident response processes crucial.

Responsibilities

  • Lead investigations of cyber incidents in cloud environments.
  • Develop and maintain operational playbooks for cloud incidents.
  • Collaborate with global teams for triaging security incidents.

Skills

Cloud security tools and technologies
Analytical skills
Communication skills
Documentation skills

Education

Industry-accredited certifications (e.g., AWS Security Specialty)

Tools

Splunk
AWS GuardDuty
CI/CD tools

Job description

Whether you’re at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s most global banks. We’re fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism.

Shape your Career with Citi

Citibank serves as a trusted advisor to our retail, mortgage, small business and wealth management clients at every stage of their financial journey. Through Citi's Access Account, Basic Banking, Citi Priority, Citigold and Citigold Private Client, we offer an array of products, services and digital capabilities to clients across the full spectrum of consumer banking needs worldwide.

We’re currently looking for a high-caliber professional to join our team as VP - Cloud Security Incident Responder based in Singapore. Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decisions and manage your financial well-being to help plan for your future. For instance:

Citi’s Cloud Incident Response (Cloud IR) team seeks a Cloud Incident Responder to own the assigned security incidents that occur within Citi’s public cloud environments. You will work closely with stakeholders to ensure effective security incident response with an aim to safeguard the integrity of services and data within Citi’s public cloud platforms. Your role is critical in ensuring a proactive and coordinated approach in responding to cloud security incidents and managing security risks in a timely and effective manner. You will align your objectives with the wider Cyber Security Operations priorities at Citi while owning the evolution of our processes, procedures and tools to ensure the firm is ready to tackle critical security incident response challenges within the cloud ecosystem.

Responsibilities

Related activities include but are not limited to:

  • Lead and/or support in-depth triage and investigations of assigned cyber incidents in cloud.
  • Perform incident response functions including but not limited to:
      1. Detailed cloud-focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
      2. Execution of automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations
      3. Execution of cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope
      4. Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
      5. Documentation of investigation analysis objectively capturing the Who, What, When, Where, Why and How related to the incident
  • Develop, document and maintain operationally effective playbooks to deal with cloud-based incidents.
  • Take ownership for and drive the development of new automation capabilities and supporting playbooks as per assigned domains within cloud.
  • Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases, logs, etc.
  • Collaborate with global multidisciplinary groups for triaging, defining the scope and investigating large-scale security incidents.
  • Build and nurture key stakeholder relationships with partners in the CISO business function that are essential to the IR team success.
  • Actively participate in threat modeling of new services/capabilities and in readiness exercises such as purple team, tabletops, CTFs, etc.

Qualifications:

  • Strong technical expertise in relevant Cloud security tools and technologies (e.g. EDR, SIEM, Container security, SSPM, CNAPP, etc.)
  • Solid team player with the ability to work in a multi-disciplinary team of teams with DevSecOps practitioners
  • Exceptional communication and presentation skills to simplify and convey complex technical matters to senior security stakeholders and leadership
  • Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills
  • Demonstrable experience with most of the following:
      1. Deep knowledge of public cloud services that are used in the building blocks of modern cloud-native containerized applications
      2. Advanced proficiency with cloud security focused services such as GuardDuty, SCC, IAM, etc.
      3. Hands-on experience with CI/CD methodologies and tools that support modern deployment practices into public cloud and associated security best practices
      4. Proficient with public cloud services focused on automation such as SSM, Lambda, Cloud Functions, etc.
      5. Experience with various log aggregation/data analytics tools, such as Splunk, Sentinel, etc.
  • Familiarity with security constructs of SaaS and PaaS offerings such as Snowflake, MongoDB desired
  • Windows operating systems / UNIX, specifically command-line use and basic file system knowledge
  • Prior experience of using security-oriented tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, etc. is an advantage
  • Industry-accredited certifications will be required. Candidates with relevant security certifications (e.g. AWS Security Specialty, GCP Professional Security Engineer, CKA/CKS, SC-200, SC-400, AZ-500, etc.) will be preferred. Candidates without certifications must be willing to pursue them during employment.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

This role requires occasional flexibility to support critical security incidents when they occur outside regular office hours.

Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all the criteria may be considered for the role provided they demonstrate sufficient skill and experience.

How You’ll Succeed

Be conscientious and consistent in identifying security vulnerabilities and working with the respective engineering teams and stakeholders to provide sound guidance and remediations. Be a team player, and a keen learner.

Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Take the next step in your career: apply for this role at Citi today.

https://jobs.citi.com/dei