This role is an integral part of Cyber Security Services as part of our Global Security Operations Center.
The Security Operations Center Insider Threat analyst role will be part of the Global SOC. The SOC is responsible for monitoring, analyzing, and responding to cybersecurity and infrastructure threats on a 24x7 basis.
We are focused on delivering the best for our clients, and we know that to do this we need a talented team with diverse experiences, backgrounds and skills.
The analyst will perform monitoring, research, assessment and analysis on alerts from various security tools, including IDPS tools, SIEM, anomaly detection systems, firewalls, antivirus systems, user behavior analytics tools, endpoint inspection, and proxy devices(ArcSight, Arbor PeakFlow, Palo Alto Networks, etc.) which requires demonstrable security incident response and/or insider threat experience
Recommend and review new use cases for insider threat monitoring
Support the development and enhancement of SOC incident response capabilities.
Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups.
Execute daily ad hoc tasks or lead projects as needed
Participate in or lead daily and ad-hoc conference calls; Create, update or provide process documentation, or provide requested evidence for compliance & controls requests
Core Role Competencies
Technical Knowledge: Has a recognizable area of technical competence in Insider Threat. Familiar with appropriate standards. Applies subject domain knowledge to meet organizational need/guide actions. Keeps up with current and possible future technological developments in the field.
Processes/ Procedures: Ensures processes and procedures are in place for self and others to use. Seeks ways to improve existing processes, making adjustments or recommending reengineering improvements.
Customer and Industry Knowledge: Consistently applies a business driver and marketplace focus when prioritizing actions.
Risk Management: Examines and defines factors that could adversely affect task completion, delivery or achievement of customer satisfaction. Evaluates controls to help mitigate negative outcomes through prevention, detection and correction. Identifies the risks of negative outcomes, including inadvertent error or fraud. Ensures ongoing compliance with regulatory requirements.
Stakeholder Management: Identifies key partners and their influence, implements techniques for communicating/engaging and managing expectations. Has frequent interactions. Finds the appropriate balance of completing claims by various groups of stakeholders, acting fairly and in consideration of cultural and ethical factors.
Problem Solving and Decision Making: Makes sound decisions. Considers relevant factors and uses appropriate decision-making criteria and principles. When making decisions, uses a mix of analysis, wisdom, experience and discernment. Assesses business needs, anticipates problems. Works independently and is self-directed.
Skills / Experience Levels
You have 5+ years working in a security operations field
You have a Bachelor's degree or higher (Computer Science or Cyber security preferred) or equivalent work experience
Excellent knowledge and previous experience with insider threat investigations, network security, TCP/IP, various operating systems (Windows/UNIX), and web technologies (focusing on Internet security).
Ability to read and understand packet level data; Experience with intrusion detection and prevention systems, network security products (IDS/IPS, firewalls, etc) and host security products (HIPS, AV, EDR, etc)
Knowledge of cutting edge threats and technologies affecting Web Application vulnerabilities and recent internet threats.
Exposure to vulnerability assessment tools and techniques; experience to penetration testing or forensic analysis fields is a plus.
Certifications from EC-Council, GIAC, or (ISC)² are preferred [CISSP, C|EH, GCIA, CCNA].
You have good communication skills with the ability to articulate clearly in high stress situations
You enjoy learning and love sharing your knowledge with others
You work independently and are self-directed
You are a detail oriented and perseverant individual
You have a positive attitude with the drive to get the work done
You are a self-starter with good problem solving skills, and you continuously look for ways to improve things.
You understand the importance of prioritization of your work.
You have skills and proficiency with MS PowerPoint, Excel, Access or other analytical tools
Job Family Group: Technology
Job Family: Information Security
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .
View the " EEO is the Law " poster. View the EEO is the Law Supplement .