25924003 SOC Insider Threat Analyst - Assistant Vice President

• The analyst will perform monitoring, research, assessment and analysis on alerts from various security tools, including firewalls, antivirus systems, user behavior analytics tools, proxy devices and SIEM tools, etc. which requires demonstrable security incident response and/or insider threat experience.
• Recommend and review new use cases for insider threat monitoring
• Follow pre-defined actions to investigate security incidents or perform incident response actions, including escalating to other support groups.
• Execute daily ad hoc tasks or lead projects as needed.
• Participate in or lead daily and ad-hoc conference calls; Create, update or provide process documentation, or provide requested evidence for compliance & controls requests.

• Technical Knowledge: Has a recognizable area of technical competence. Familiar with appropriate standards. Applies subject domain knowledge to meet organizational need/guide actions. Keeps up with current and possible future technological developments in the field.
• Processes/ Procedures: Ensures processes and procedures are in place for self and others to use. Seeks ways to improve existing processes, making adjustments or recommending reengineering improvements.
• Customer and Industry Knowledge: Consistently applies a business driver and marketplace focus when prioritizing actions.
• Risk Management: Examines and defines factors that could adversely affect task completion, delivery or achievement of customer satisfaction. Evaluates controls to help mitigate negative outcomes through prevention, detection and correction. Identifies the risks of negative outcomes, including inadvertent error or fraud. Ensures ongoing compliance with regulatory requirements.
• Stakeholder Management: Identifies key partners and their influence, implements techniques for communicating/engaging and managing expectations. Has frequent interactions. Finds the appropriate balance of completing claims by various groups of stakeholders, acting fairly and in consideration of cultural and ethical factors.
• Problem Solving and Decision Making: Makes sound decisions. Considers relevant factors and uses appropriate decision‑making criteria and principles. When making decisions, uses a mix of analysis, wisdom, experience and discernment. Assesses business needs, anticipates problems. Works independently and is self‑directed.

• You have 4+ years working in the security & operations fields
• You have a Bachelor’s degree or higher (Computer Science or Cybersecurity preferred) or equivalent work experience
• Excellent knowledge of network security, TCP/IP, various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).
• Ability to read and understand packet level data; Experience with user behavior analytics, DLP, IDS/IPS, firewalls, and host security products (HIPS, AV, EDR, etc)
• Certifications from EC-Council, GIAC, or (ISC)² are preferred [CISSP, C|EH, GCIA, CCNA].
• You have good communication skills with the ability to articulate clearly in high stress situation.
• You enjoy learning and love sharing your knowledge with others
• You work independently and are self‑directed
• You are a detail oriented and perseverant individual
• You have a positive attitude with the drive to get the work done
• You are a self‑starter with good problem solving skills, and you continuously look for ways to improve things.
• You understand the importance of prioritization of your work.

Be conscientious and consistent in identifying security vulnerabilities and working with the respective engineering teams and stakeholders to provide sound guidance and remediations. Be a team player, and a keen learner.

Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

https://jobs.citi.com/dei