Senior SIRT Cyber Investigator

Citigroup
Irving, TX 75062

**Description:**


Conduct proactive, complex, variable and high profile/sensitive cyber investigations with the goal of developing cases to a successful conclusion and providing cyber security intelligence to business and functional partners


Actively engage partners and management to ensure they are kept apprised of any significant changes during the progress of a cyber investigation


Build external relationships with members of law enforcement, industry peers and other sources of support


Engage with internal and external suspects, witnesses and third parties through interview and interrogation, evidence collection and forensic examination


Represent Citi in criminal and civil court matters and have the ability to show knowledge and provide accurate and supportive testimony


Mentor and train junior staff members


Brief others on ongoing investigations/investigative projects


Ensure that all cyber investigative referrals are properly investigated and managed in a professional and consistent manner relative to the regional investigative standards, protocol and aging standards.


Provide regular feedback, guidance and consultation to cyber investigative staff, offering direction and expertise to further an investigation.


Conduct detailed reviews of cyber investigations reports and case management system to assess data/content quality, supporting evidence and the appropriateness of case outcomes.


Brief management on ongoing major investigations in a professional manner


+ Participate in forensic investigations of critical cloud security events

+ Provide subject matter expertise to investigative colleagues and cyber fusion center partners as they seek to disrupt, contain, eradicate, and remediate cyber threats in cloud environments

+ Participate in purple teams, table tops, AWS Jams, regulatory exercises, etc.


**Education and Experience Required:**


+ Bachelor's degree (US only)


Ability to conduct cyber investigative interviews and recording techniques that tie the facts and evidence together


Experience investigating complex and variable cyber and information security case(s) that have substantial impact


Understanding of cyber forensic and eDiscovery processes and procedures to include the collection, examination, and analysis of data while preserving integrity and maintaining a strict chain of custody


Conveys mastery of cyber investigative concepts


Demonstrated report writing that presents the case and the evidence gathered in a cohesive and comprehensive manner


Exceptional candidates who do not meet these criteria may be considered for the role provided they have the necessary skills and experience.


Demonstrates a clear understanding of cyber investigation techniques and shares those insights appropriately with others


**Education and Experience Preferred:**


+ Graduate degree (US only)


5+ years relevant experience in a private/public sector investigative environment


Previous US Intelligence, military, law enforcement, law firm or government service background


Experience working in an in-house cyber investigations team


Experience with e-discovery tools, forensic accounting and data analytics


+ Professional certifications. One or more of the DOD 8075 required certifications, including GREM, GSEC, GCIH, GCIA, GCED, GCPM, etc.


Proficiency in Microsoft Office products - Word, Excel, Outlook, PowerPoint, & SharePoint for compiling written reports and spreadsheets on an investigation


+ 2nd Language skills


**Knowledge and Skills Required:**


+ Excellent communication needed for marketing case work and obtaining cooperation of other parties


Good report writing skills to accurately articulate the circumstances and events of the investigation


Good analytical skills needed to assess evidence, identify relationships and develop leads in an investigation


An ability to multi-task, demonstrated attention to detail with ability to manage caseload and produce accurate, concise analytical reports


Solid judgment and decision making skills


Ability to brief management and others on an investigative case or findings


+ Prior dev/sec/ops experience in cloud environments

+ Prior experience with AWS security services (e.g. CloudWatch, CloudTrail, GuardDuty, AWS Config, KMS, IAM, Athena, Detective)

+ Prior experience with AWS common services (e.g. EC2, S3, Federation, Organizations, Lambda, DynamoDB, Route53, VPC)

+ Prior experience as a forensic investigator and/or incident responder for security events in AWS

+ Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)

+ Foundational or Associate AWS Certification (e.g. Cloud Practitioner, Developer, SysOps Administrator), or demonstrated equivalent capability


**Knowledge and Skills Preferred:**


Expresses ideas or facts in a clear, concise and open manner


Communication indicates a consideration for the feelings and needs of others


Actively listens and proactively shares knowledge


Handles conflict effectively, by overcoming differences of opinion and finding common ground


Evaluates data and courses of action to reach logical, pragmatic decisions


Takes an unbiased, rational approach with calculated risks


Applies innovation and creativity to problem-solving


Open to change and flexible in a fast-paced environment


Performance is consistent, even under pressure


Always pursues continuous improvements


Effectively adapts own approach to suit changing circumstances or requirements.


Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first


Develops and implements sustainable strategies on how to perform their role, with an eye on improvement based on changes needed or refinement of approach


2nd language skills


+ Familiar with Atlassian tools (Jira, Confluence, Bitbucket)

+ Working knowledge of identity management (e.g. KMS, HSM, LDAP, JWT, SAML, Federation)


**Other requirements:**


Flexibility to work on call off hours/weekends during critical project phases if necessary


-------------------------------------------------


**Job Family Group:**


Corporate Services

-------------------------------------------------


**Job Family:**


Investigations

------------------------------------------------------


**Time Type:**


------------------------------------------------------


Citi is an equal opportunity and affirmative action employer.


Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)**.


View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf)" poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf).


View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf).


View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Posted: 2021-03-19 Expires: 2021-05-19
