Senior SOC Cyber Threat Analyst (VP / Hybrid)
We are seeking a highly skilled and experienced Senior SOC Analyst to join our Cyber Threat team in the Security Operations Center (SOC). The Global SOC operates in a 24x7, follow-the-sun model and is the firm's first line of defense against evolving cyber threats, ensuring the safety and integrity of our digital assets. This role requires an individual with a deep understanding of SOC processes, incident response, content/use case review and security automation. As a senior analyst, you will coach junior analysts in the SOC and provide critical support to management in handling cyber security incidents.
Responsibilities:
Analyze security events to identify potential threats and intrusions. Event sources include, but are not limited to, intrusion detection/prevention tools, anomaly detection systems, firewalls, antivirus and EDR systems, proxy devices, cloud security solutions and data leakage prevention systems.
Act as a Level 2 escalation point for incident triage, investigation, and response.
Perform holistic review and tuning of use cases to enhance monitoring value and efficiency.
Develop and maintain advanced security monitoring content such as detection rules, correlation use cases, and security alerts.
Implement and optimize security automation to improve process efficiency and response times.
Lead incident response activities including root cause analysis, containment and remediation efforts.
Collaborate with security infrastructure teams to ensure effective integration of security technologies with operational processes.
Create and maintain comprehensive documentation for SOC procedures.
Participate in and support cyber drills and regulatory and audit requests.
Provide mentorship for junior analysts within the SOC team.
Stay updated with the latest cybersecurity trends, emerging threats and technologies.
The above serves as a basis for understanding the type of work performed. Ad-hoc duties may be assigned as required.
Qualifications and desired qualities:
Bachelor’s degree or higher; a major in Cybersecurity is a plus.
Certifications: GCIA, GCIH, CISSP, CISM, GSEC or similar certification preferred.
Strong investigative and analytical mindset with attention to detail.
A good team player, self-driven and able to act as an individual contributor.
Consistently demonstrates clear and concise written and verbal communication.
Manages working relationships with peers and partners.
Work Experience:
8+ years of relevant experience in Cybersecurity operations.
Security Operations Center experience required.
Understanding of the life cycle of network threats, web attacks, attack vectors and methods of exploitation, and awareness of the evolving cyber threat landscape.
Ability to conduct analysis utilizing various logs to identify unusual behavior that may indicate malicious activity.
Good understanding of computer networks, email flow, and operating system logs.
Experience with automation and scripting, preferably in PowerShell/Python.
Experience with XSOAR platforms.
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.