CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
Opportunity
Citi's Global Cyber Investigations Team seeks a highly skilled cyber investigator to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the global investigations team. You will be assigned to Citi's Cyber Security Fusion Center, and will collaborate closely with a talented cadre of security specialists and incident responders to react aggressively to urgent security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing the fusion center's team-of-teams operation.
Responsibilities
As a Cyber Investigator in the Cyber Security Fusion Center, your primary responsibility is to serve as an incident responder for network security events and other potentially high-impact cybersecurity incidents. Related activities include but are not limited to:
Partner with fusion center analysts to assess criticality of security alerts and establish requisite investigative actions
Manage and conduct forensic investigations to uncover evidence of compromise and identify inadequate security controls
Drive actions aimed at disrupting, containing, eradicating, and remediating cyber threats
Influence decision makers across the organization to eliminate and mitigate risks
Document investigative methods and findings for a broad audience, including technical, executive and regulatory groups
Qualifications
You should be all of the following:
1. A skilled and creative investigator. Success will depend on your ability to:
Stay current with the evolving landscape of threat activities and cybersecurity best practices
Quickly synthesize information from disparate sources
Scrutinize evidence thoroughly to identify relationships and develop leads
Establish defensible working theories to explain observations and findings
Perform investigations in a forensically sound manner
2. A goal-oriented individual contributor. Success will depend on your ability to:
Stay motivated and work independently with minimal oversight
Adapt to changing requirements in a fast-paced environment
Multitask and meet deadlines despite competing priorities
Navigate operational impediments in order to complete time-sensitive tasks
Identify and document any opportunities for process improvement
3. A reliable team player. Success will depend on your ability to:
Practice mutual respect at all times
Establish trust and build strong partnerships
Resolve conflict in a constructive manner and use it as an opportunity to develop team unity
Prioritize collective success ahead of individual ambition
4. A great communicator. Success will depend on your ability to:
Establish clear narratives to describe investigative findings and working theories
Clearly and concisely articulate any recommendations that arise from investigative activities
Motivate colleagues and partners to cooperate and support as needed
Exert influence both verbally and in writing
Education and Experience
Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
Minimum 5 years of professional experience as a digital forensic investigator and/or incident responder, or demonstrated equivalent capability.
Knowledge and Skills
Strong understanding of how computer applications, systems, and networks are managed and secured.
Strong understanding of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTPs).
Strong understanding of cyber forensic and eDiscovery procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody.
Strong understanding of OSI model
Proficient in forensic analysis of memory, disk, logs and other artifacts originating from a wide variety of applications, devices and operating systems.
Proficient in a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit)
Proficient in some of the following tools: Metasploit, Nuix, Plaso, Powergrep, Relativity, Security Onion, SIFT Workstation, Splunk, Tanium, Volatility, Wireshark, Yara.
Working knowledge in some of the following: Python, C++, C#, PowerShell, as well as scripting with Bash
Must have flexibility to work outside of normal business hours when necessary
Education and Experience
Graduate degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
Minimum 8 years of professional experience as a digital forensic investigator and/or incident responder
Previous experience in a fusion center and/or exposure to large scale incident response
Prior success leading forensic investigations and/or managing individual contributors
Prior experience with information technology and/or information security in the financial services industry
Prior experience with adversary emulation, red teaming, blue teaming
Prior experience with one or more SIEMs (e.g. ArcSight, LogRhythm, AlienVault)
Prior experience with penetration testing of cloud environments (e.g. AWS, GCP, Azure) and DevOps technologies (e.g. Docker, Kubernetes, Jenkins, Git)
Knowledge and Skills
Any professional certifications issued by GIAC, AWS, etc.
Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE ATT&CK, Cyber Kill Chain, STIX)
Working knowledge of reverse engineering, vulnerability discovery/analysis, and/or exploit development
Proficient in any query language (e.g. SQL)
Proficient in some of the following: Python, Ruby, C++, C#, PowerShell
Working knowledge of assembly or low level languages (e.g. C)
Working knowledge of network components such as switches, routers, firewalls in both Windows/Linux environments
Working knowledge of virtualization products (e.g. VMware Workstation)
Working knowledge of security and/or incident response in cloud environments
Working knowledge of software development best practices, including agile methods
Familiar with Atlassian tools
Grade: All Job Level - All Job Functions - SG
Time Type: Full time
Citi is an equal opportunity and affirmative action employer. Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity. Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, please contact Citi.