9 days old

Security Operations Center (SOC) Insider Threat Analyst (AVP)

Irving, TX 75062
**About Citi:**

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. Well enable growth and progress together.

The Info Security Tech Sr Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy. This role is an integral part of Cyber Security Services as part of our Global Security Operations Center. The Security Operations Center Insider Threat analyst role will be part of the Global SOC. The SOC is responsible for monitoring, analyzing, and responding to cybersecurity and infrastructure threats on a 24x7 basis.


+ The analyst will perform monitoring, research, assessment and analysis on alerts from various security tools, including IDPS tools, SIEM, anomaly detection systems, firewalls, antivirus systems, user behavior analytics tools, endpoint inspection, and proxy devices (ArcSight, Arbor PeakFlow, Palo Alto Networks, etc.) which requires demonstrable security incident response and/or insider threat experience.

+ Design queries, visualizations, use cases and reports leveraging Splunk.

+ Recommend and review new use cases for insider threat monitoring.

+ Support the development and enhancement of SOC incident response capabilities.

+ Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups.

+ Execute daily ad hoc tasks or lead projects as needed.

+ Participate in or lead daily and ad-hoc conference calls; Create, update or provide process documentation, or provide requested evidence for compliance & controls requests.

+ Assist Security Incident Response Teams with incident investigations and aid in technical risk assessments.

+ Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies.

+ Perform regular assessments based on changes in the threat landscape.

+ Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support.

+ Provide information security support with related activities during systems development (e.g. authentication, encryption).

+ Identify and develop new and improved technical procedures and process control manuals

+ Identify significant IS threats and vulnerabilities.

+ Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members.

+ Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


+ Technical Knowledge: Has a recognizable area of technical competence in Insider Threat. Familiar with appropriate standards. Must have hands on experience utilizing Splunk Enterprise including but not limited to creating ad-hoc and repeatable queries, dashboards, reports, and visualizations.

+ Processes/ Procedures: Ensures processes and procedures are in place for self and others to use. Seeks ways to improve existing processes, making adjustments or recommending reengineering improvements.

+ Customer and Industry Knowledge: Consistently applies a business driver and marketplace focus when prioritizing actions.

+ Risk Management: Examines and defines factors that could adversely affect task completion, delivery, or achievement of customer satisfaction. Evaluates controls to help mitigate negative outcomes through prevention, detection, and correction. Identifies the risks of negative outcomes, including inadvertent error or fraud. Ensures ongoing compliance with regulatory requirements.

+ Stakeholder Management: Identifies key partners and their influence, implements techniques for communicating/engaging and managing expectations. Has frequent interactions. Finds the appropriate balance of completing claims by various groups of stakeholders, acting fairly and in consideration of cultural and ethical factors.

+ Problem Solving and Decision Making: Makes sound decisions. Considers relevant factors and uses appropriate decision-making criteria and principles. When making decisions, uses a mix of analysis, wisdom, experience, and discernment. Assesses business needs, anticipates problems. Works independently and is self-directed.

+ You have 5+ years working in a security operations field.

+ You have a bachelors degree or higher (Computer Science or Cyber security preferred) or equivalent work experience.

+ Significant experience using Splunk Enterprise to create queries, visualizations, and other reporting functions to identify anomalous activity.

+ Excellent knowledge and previous experience with insider threat investigations, network security, TCP/IP, various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).

+ Ability to read and understand packet level data; Experience with intrusion detection and prevention systems, network security products (IDS/IPS, firewalls, etc) and host security products (HIPS, AV, EDR, etc).

+ Knowledge of cutting-edge threats and technologies affecting Web Application vulnerabilities and recent internet threats.

+ Exposure to vulnerability assessment tools and techniques; experience to penetration testing or forensic analysis fields is a plus.

+ Certifications from EC-Council, GIAC, or (ISC) are preferred [CISSP, C|EH, GCIA, CCNA].

+ You must have strong communication skills with the ability to articulate clearly in high stress situations.

+ You enjoy learning and sharing your knowledge with others.

+ You must be able to work independently and are self-directed.

+ You are a detail oriented and a perseverant individual.

+ You have a positive attitude with the drive to get the work done.

+ You are a self-starter with strong analytical problem-solving skills, and you continuously look for ways to improve processes.

+ You understand the importance of prioritization of your work.

+ You have skills and proficiency with MS PowerPoint, Excel, Access or other applications.

+ 5+ years of relevant experience.

+ Consistently demonstrates clear and concise written and verbal communication.

+ Proven influencing and relationship management skills.

+ Proven analytical skills.


+ Bachelors degree/University degree or equivalent experience

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.


**Job Family Group:**



**Job Family:**

Information Security


**Time Type:**

Full time


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)** .

View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP\_EEO\_Supplement\_Final\_JRF\_QA\_508c.pdf) .

View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo\_aa\_policy.pdf) .

View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp\_%20English\_formattedESQA508c.pdf)


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.


Posted: 2022-05-13 Expires: 2022-06-12

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Security Operations Center (SOC) Insider Threat Analyst (AVP)

Irving, TX 75062

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast