Cloud Security Incident Responder (VP)
6460 LAS COLINAS BLVD IRVING, United States
Full Time Executive-level / Director USD 125K - 188K
Citi
Citi is a leading global bank for institutions with cross-border needs, a global provider in wealth management and a U.S. personal bank.
About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
Citi’s Cloud Incident Response (Cloud IR) team seeks a Cloud Incident Responder to own the assigned security incidents that occur within Citi’s public cloud environments. You will work closely with stakeholders to ensure effective security incident response with an aim to safeguard the integrity of services and data within Citi’s public cloud platforms. Your role is critical in ensuring a proactive and coordinated approach in responding to cloud security incidents and managing security risks in a timely and effective manner. You will align your objectives with the wider Cyber Security Operations priorities at Citi while owning the evolution of our processes, procedures and tools to ensure the firm is ready to tackle critical security incident response challenges within the cloud ecosystem.
Responsibilities
Related activities include but are not limited to:
Lead and/or support in-depth triage and investigations of assigned cyber incidents in cloud.
Perform incident response functions including but not limited to:
Detailed cloud focused investigations by analyzing logs relevant to the underlying cloud service provider (CSP)
Execution of automation to gather forensic artifacts such as memory, disk, etc. for in-depth analysis and investigations.
Execution of cloud-native automation to run resource containment actions as relevant to sources of compromise and/or malicious activities in scope.
Conduct host-based analytical functions (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
Documentation of investigation analysis objectively capturing the Who, What, When, Where, Why and How related to the incident
Develop, document and maintain operationally effective playbooks to deal with cloud-based incidents.
Take ownership for and drive the development of new automation capabilities and supporting playbooks as per assigned domains within cloud.
Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases, logs, etc.
Collaborate with global multidisciplinary groups for triaging, defining the scope and investigating large-scale security incidents.
Build and nurture key stakeholder relationships with partners in the CISO business function that are essential to the IR team success.
Actively participate in threat modeling of new services/capabilities and in readiness exercises such as purple team engagements, tabletops, CTFs, etc.
This role requires occasional flexibility to support critical security incidents when they occur outside regular office hours.
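As an added illustration of two of the duties listed above (CSP log analysis and cloud-native containment), the following is example code written for this page, not Citi's tooling. It triages constructed CloudTrail-style records: it groups events by IAM principal, flags principals that made sensitive API calls from an IP outside an assumed egress baseline, writes the Who/What/When/Where/How summary an investigation note needs, and builds the containment actions (an inline deny policy document, access keys to deactivate, instances to isolate) as data rather than calling a live account. The account ID, ARNs, access key IDs, IP addresses and instance ID are all constructed.

```python
"""Cloud IR triage over CloudTrail-style events, with a containment plan.
Example code, not Citi's tooling; all records and the IP baseline are constructed."""
import json
from collections import defaultdict

# Assumed baseline of the organisation's known egress IPs (constructed).
KNOWN_EGRESS = {"203.0.113.10", "203.0.113.11"}

# API calls that change identity, data exposure, compute or logging posture.
# From an unknown IP they indicate hands-on-keyboard activity worth escalating.
SENSITIVE_APIS = {
    "CreateAccessKey", "AttachUserPolicy", "PutUserPolicy", "CreateUser",
    "PutBucketPolicy", "GetSecretValue", "RunInstances",
    "ModifyInstanceAttribute", "StopLogging", "DeleteTrail",
}


def _ev(time, name, ip, agent, arn, key, **extra):
    """Build a record using the real CloudTrail field names (values constructed)."""
    rec = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
           "userAgent": agent,
           "userIdentity": {"type": "IAMUser", "arn": arn, "accessKeyId": key}}
    rec.update(extra)
    return rec


CI = "arn:aws:iam::111122223333:user/ci-deploy"     # constructed principal
ALICE = "arn:aws:iam::111122223333:user/alice"      # constructed principal
SAMPLE_EVENTS = [
    _ev("2025-08-01T09:00:12Z", "ListBuckets", "203.0.113.10", "aws-cli/2.15.0",
        CI, "AKIAEXAMPLE0000001"),
    # Same key reappears from an unknown IP with a non-CLI user agent.
    _ev("2025-08-01T11:42:03Z", "GetCallerIdentity", "198.51.100.77",
        "python-requests/2.31", CI, "AKIAEXAMPLE0000001"),
    _ev("2025-08-01T11:43:10Z", "CreateAccessKey", "198.51.100.77",
        "python-requests/2.31", CI, "AKIAEXAMPLE0000001",
        requestParameters={"userName": "ci-deploy"},
        responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLE0000002",
                                        "status": "Active", "userName": "ci-deploy"}}),
    _ev("2025-08-01T11:45:55Z", "RunInstances", "198.51.100.77",
        "python-requests/2.31", CI, "AKIAEXAMPLE0000002",
        responseElements={"instancesSet": {"items": [{"instanceId": "i-0abc123def456789a"}]}}),
    _ev("2025-08-01T12:01:00Z", "StopLogging", "198.51.100.77",
        "python-requests/2.31", CI, "AKIAEXAMPLE0000002"),
    # Benign admin change by another principal from a known egress IP: not flagged.
    _ev("2025-08-01T12:05:00Z", "AttachUserPolicy", "203.0.113.11",
        "console.amazonaws.com", ALICE, "ASIAEXAMPLE0000009"),
]


def triage(events, known_egress=KNOWN_EGRESS):
    """Return one Who/What/When/Where/How finding per principal that made a
    sensitive call from an IP outside the baseline. Events are sorted by time
    (ISO 8601 Zulu strings sort lexically), so first/last are chronological."""
    by_principal = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        by_principal[ev["userIdentity"]["arn"]].append(ev)

    findings = []
    for arn, evs in by_principal.items():
        suspicious = [e for e in evs
                      if e["sourceIPAddress"] not in known_egress
                      and e["eventName"] in SENSITIVE_APIS]
        if not suspicious:
            continue
        created = {e["responseElements"]["accessKey"]["accessKeyId"]
                   for e in suspicious
                   if e["eventName"] == "CreateAccessKey" and "responseElements" in e}
        instances = [item["instanceId"]
                     for e in suspicious if e["eventName"] == "RunInstances"
                     for item in e.get("responseElements", {})
                                  .get("instancesSet", {}).get("items", [])]
        findings.append({
            "who": arn,
            "what": [e["eventName"] for e in suspicious],
            "when": {"first": suspicious[0]["eventTime"], "last": suspicious[-1]["eventTime"]},
            "where": sorted({e["sourceIPAddress"] for e in suspicious}),
            "how": {"accessKeysUsed": sorted({e["userIdentity"]["accessKeyId"] for e in suspicious}),
                    "accessKeysCreated": sorted(created),
                    "userAgents": sorted({e["userAgent"] for e in suspicious})},
            "instances": instances,
        })
    return findings


def containment_plan(finding):
    """Turn a finding into the containment a responder would run: an inline
    deny-all policy document for the principal, every key seen or created
    during the intrusion, and instances to snapshot then isolate. Data only."""
    deny_all = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}
    keys = set(finding["how"]["accessKeysUsed"]) | set(finding["how"]["accessKeysCreated"])
    return {
        "iam_user": finding["who"].rsplit("/", 1)[-1],
        "inline_deny_policy": deny_all,
        "access_keys_to_deactivate": sorted(keys),
        "instances_to_isolate": finding["instances"],
        "forensics_first": [f"snapshot EBS volumes of {i} before isolation" for i in finding["instances"]],
    }


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(json.dumps({"finding": f, "containment": containment_plan(f)}, indent=2))
```

The deny-all inline policy is attached before keys are rotated so the principal loses access immediately, and the plan records the newly created key from the CreateAccessKey response as well as the one that was abused; the benign console change by the second principal from a baselined IP is deliberately not flagged.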
Qualifications:
Strong technical expertise in relevant Cloud security tools and technologies (e.g. EDR, SIEM, Container security, SSPM, CNAPP, etc.)
Solid team player with the ability to work in a multi-disciplinary team of teams with DevSecOps practitioners
Exceptional communication and presentation skills to simplify and convey complex technical matters to senior security stakeholders and leadership
Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills
Must have demonstrable experience on most of the following:
Deep knowledge of public cloud services that are used in the building blocks of modern cloud-native containerized applications
Advanced proficiency with cloud security focused services such as GuardDuty, SCC, IAM, etc.
Hands-on experience with CI/CD methodologies and tools that support modern deployment practices into public cloud and associated security best practices
Proficient with public cloud services focused on automation such as SSM, Lambda, Cloud Functions, etc.
Experience with various log aggregation/data analytics tools, such as Splunk, Sentinel, etc.
Familiarity with security constructs of SaaS and PaaS offerings such as Snowflake, MongoDB desired
Windows and UNIX operating systems, specifically command-line use and basic file system knowledge
Prior experience of using security-oriented tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, CrowdStrike, Tanium, etc. is an advantage
Industry-accredited certifications will be required. Candidates with relevant security certifications (ex: AWS Security Specialty, GCP Professional Security Engineer, CKA/CKS, SC-200, SC-400, AZ-500, etc.) will be preferred. Candidates without certification must be willing to pursue them during employment.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
------------------------------------------------------
Job Family Group:
Technology
------------------------------------------------------
Job Family:
Information Security
------------------------------------------------------
Time Type:
Full time
------------------------------------------------------
Primary Location:
Irving Texas United States
------------------------------------------------------
Primary Location Full Time Salary Range:
$125,760.00 - $188,640.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
------------------------------------------------------
Anticipated Posting Close Date:
Aug 30, 2025
------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.
Tags: Analytics AquaSec Automation AWS Banking CI/CD CISO Cloud CNAPP CrowdStrike CTF Data Analytics DevSecOps EDR Forensics GCP IAM Incident response Lambda MongoDB PaaS SaaS Sentinel SIEM Snowflake Splunk TTPs Twistlock UNIX Windows