Cloud Security Incident Response - Senior Analyst, VP (C13)

$125,760 - $188,640/Yr

Citigroup - Irving, TX

posted 11 days ago

Full-time - Mid Level
Irving, TX
10,001+ employees
Credit Intermediation and Related Activities

About the position

Citi's Cloud Incident Response (IR) Team is seeking a highly skilled cloud incident response practitioner to protect its public cloud infrastructure and assets. This role involves leading investigations into cybersecurity incidents, collaborating with cloud security specialists, and making impactful security decisions across the organization. The candidate will be responsible for developing automation capabilities and playbooks, ensuring a robust security posture for Citi's cloud services.

Responsibilities

  • Lead and support in-depth triage and investigations of urgent cyber incidents and remediation in Cloud.
  • Facilitate Cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP).
  • Utilize automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations.
  • Take ownership of Cloud incidents and drive them to conclusion while documenting investigation analysis objectively capturing the Who, What, When, Where, Why and How as related to the incident.
  • Develop, document and maintain operationally effective playbooks to deal with Cloud-based incidents.
  • Perform Cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope.
  • Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
  • Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed.
  • Own and drive the development of new automation capabilities and supporting playbooks as per assigned domains within Cloud.
  • Actively participate in Threat modelling of new services/capabilities, readiness exercises such as purple team, tabletops, CTF's etc.
  • Stay curious, current and up to date with the evolving landscape of threat activities, cybersecurity best practices, and newer Cloud services/capabilities.

Requirements

  • 4+ years' hands-on experience in Cloud Security owning security incident remediation with at least 2 years' experience working in Cyber Incident Response and Investigations in enterprise environments with Cloud and Forensics components.
  • Hands-on DevSecOps experience with Cloud environments and underlying storage, compute, monitoring and security-oriented services.
  • Hands-on experience with analyzing and pivoting through large data sets of logs.
  • Prior experience with common security-focused Cloud services on one or more CSPs, i.e. AWS, GCP, Azure/M365.
  • Experience with Container Orchestration services such as AWS EKS and/or GCP GKE along with methods and tools (e.g., Docker, Kubernetes).
  • Linux/UNIX OS specifically in command line (CLI) use and basic file system knowledge.
  • Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.).
  • Proficient in basic scripting and automation of tasks (e.g., PowerShell, Python, CloudFormation, SSM Automation etc.).
  • Strong working knowledge of Networking Protocols and Cloud Infrastructure Designs including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
  • Must have flexibility to work outside of normal business hours when necessary.

Nice-to-haves

  • 1 or more of the following Certifications is highly preferred: AWS Certified Solutions Architect - Professional, AWS Certified Security - Specialty, GCP Professional Architect, GCP Professional Cloud Security Engineer, Certified Kubernetes Security Specialist, SC-400 Information Protection and Compliance Administrator Associate, SC-200 Security Operations Analyst Associate, AZ-500 Azure Security Engineer Associate, MS-500 Microsoft 365 Certified: Security Administrator Associate.

Benefits

  • Medical, dental & vision coverage
  • 401(k)
  • Life, accident, and disability insurance
  • Wellness programs
  • Paid time off packages including planned time off (vacation), unplanned time off (sick leave), and paid holidays.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service