Senior SIRT Cyber Investigator

Irving, TX 75062

Conduct proactive, complex, variable and high profile/sensitive cyber investigations with the goal of developing cases to a successful conclusion and providing cyber security intelligence to business and functional partners

Actively engage partners and management to ensure they are kept apprised of any significant changes during the progress of a cyber investigation

Build external relationships with members of law enforcement, industry peers and other sources of support

Engage with internal and external suspects, witnesses and third parties through interview and interrogation, evidence collection and forensic examination

Represent Citi in criminal and civil court matters and have the ability to show knowledge and provide accurate and supportive testimony

Mentor and train junior staff members

Brief others on ongoing investigations/investigative projects

Ensure that all cyber investigative referrals are properly investigated and managed in a professional and consistent manner relative to the regional investigative standards, protocol and aging standards.

Provide regular feedback, guidance and consultation to cyber investigative staff, offering direction and expertise to further an investigation.

Conduct detailed reviews of cyber investigation reports and the case management system to assess data/content quality, supporting evidence and the appropriateness of case outcomes.

Brief management on ongoing major investigations in a professional manner

+ Participate in forensic investigations of critical cloud security events

+ Provide subject matter expertise to investigative colleagues and cyber fusion center partners as they seek to disrupt, contain, eradicate, and remediate cyber threats in cloud environments

+ Participate in purple teams, table tops, AWS Jams, regulatory exercises, etc

**Education and Experience Required** :

+ Bachelor's degree (US only)

Ability to conduct cyber investigative interviews and recording techniques that tie the facts and evidence together

Experience investigating complex and variable cyber and information security case(s) that have substantial impact

Understanding of cyber forensic and eDiscovery processes and procedures to include the collection, examination, and analysis of data while preserving integrity and maintaining a strict chain of custody

Conveys mastery of cyber investigative concepts

Demonstrated report writing that presents the case and the evidence gathered in a cohesive and comprehensive manner

Exceptional candidates who do not meet these criteria may be considered for the role provided they have the necessary skills and experience.

Demonstrates a clear understanding of cyber investigation techniques and shares those insights appropriately with others

**Education and Experience Preferred:**

+ Graduate degree (US only)

5+ years relevant experience in a private/public sector investigative environment

Previous US Intelligence, military, law enforcement, law firm or government service background

Experience working in an in-house cyber investigations team

Experience with e-discovery tools, forensic accounting and data analytics

+ Professional certifications. One or more of the DOD 8075 required certifications, including GREM, GSEC, GCIH, GCIA, GCED, GCPM, etc.

Proficiency in Microsoft Office products - Word, Excel, Outlook, PowerPoint, & SharePoint for compiling written reports and spreadsheets on an investigation

+ 2nd Language skills

**Knowledge and Skills Required:**

+ Excellent communication needed for marketing case work and obtaining cooperation of other parties

Good report writing skills to accurately articulate the circumstances and events of the investigation

Good analytical skills needed to assess evidence, identify relationships and develop leads in an investigation

An ability to multi-task, demonstrated attention to detail with ability to manage caseload and produce accurate, concise analytical reports

Solid judgment and decision making skills

Ability to brief management and others on an investigative case or findings

+ Prior dev/sec/ops experience in cloud environments

+ Prior experience with AWS security services (e.g. CloudWatch, CloudTrail, GuardDuty, AWS Config, KMS, IAM, Athena, Detective)

+ Prior experience with AWS common services (e.g. EC2, S3, Federation, Organizations, Lambda, DynamoDB, Route53, VPC)

+ Prior experience as a forensic investigator and/or incident responder for security events in AWS

+ Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)

+ Foundational or Associate AWS Certification (e.g. Cloud Practitioner, Developer, SysOps Administrator), or demonstrated equivalent capability

**Knowledge and Skills Preferred:**

Expresses ideas or facts in a clear, concise and open manner

Communication indicates a consideration for the feelings and needs of others

Actively listens and proactively shares knowledge

Handles conflict effectively, by overcoming differences of opinion and finding common ground

Evaluates data and courses of action to reach logical, pragmatic decisions

Takes an unbiased, rational approach with calculated risks

Applies innovation and creativity to problem-solving

Open to change and flexible in a fast paced environment

Performance is consistent, even under pressure

Always pursues continuous improvements

Effectively adapts own approach to suit changing circumstances or requirements.

Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first

Develops and implements sustainable strategies on how to perform their role, with an eye on improvement based on changes needed or refinement of approach

2nd language skills

+ Familiar with Atlassian tools (Jira, Confluence, BitBucket)

+ Working knowledge of identity management (e.g. KMS, HSM, LDAP, JWT, SAML, Federation)

**Other requirements:**

Flexibility to work on call off hours/weekends during critical project phases if necessary


**Job Family Group:**

Corporate Services



Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)**.

View the "EEO is the Law" poster (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf). View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf).

View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf).

View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf).
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.


Posted: 2021-03-19 Expires: 2021-05-19
