Cloud Security Incident Responder

Citi (https://www.citi.com/)

Location:
United States, Irving

Category:
IT - Software Development

Contract Type:
Employment contract

Salary:
125,760.00 - 188,640.00 USD / year

Job Description:

Citi’s Cloud Incident Response team seeks a Cloud Incident Responder to own assigned security incidents within Citi’s public cloud environments. The role involves leading investigations, developing automation capabilities, and collaborating globally to safeguard the integrity of services and data within Citi’s cloud platforms.

Job Responsibility:

  • Lead and/or support in-depth triage and investigation of assigned cyber incidents in the cloud
  • Perform incident response functions, including detailed cloud-focused investigations based on analysis of logs from the underlying cloud service provider (CSP)
  • Execute automation to gather forensic artifacts (memory, disk, etc.) for in-depth analysis and investigation
  • Execute cloud-native automation to run resource containment actions against the sources of compromise and/or malicious activity in scope
  • Conduct host-based analysis (e.g. digital forensics, metadata and data analysis) to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
  • Document investigation findings objectively, capturing the Who, What, When, Where, Why and How of the incident
  • Develop, document and maintain operationally effective playbooks for cloud-based incidents
  • Take ownership of and drive the development of new automation capabilities and supporting playbooks for assigned cloud domains
  • Work with application and infrastructure stakeholders to identify key components and information sources such as cloud environments, instances, middleware, applications, databases and logs
  • Collaborate with global multidisciplinary groups to triage, scope and investigate large-scale security incidents
  • Build and nurture relationships with key stakeholders in the CISO business function that are essential to the IR team's success
  • Actively participate in threat modeling of new services/capabilities and in readiness exercises such as purple team, tabletops and CTFs

Requirements:

  • Strong technical expertise in relevant cloud security tools and technologies (e.g. EDR, SIEM, container security, SSPM, CNAPP)
  • Solid team player able to work in a multi-disciplinary team of teams alongside DevSecOps practitioners
  • Exceptional communication and presentation skills, able to simplify and convey complex technical matters to senior security stakeholders and leadership
  • Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills
  • Demonstrable experience in most of the following areas: deep knowledge of the public cloud services that form the building blocks of modern cloud-native containerized applications
  • Advanced proficiency with cloud security services such as GuardDuty, Security Command Center (SCC), IAM, etc.
  • Hands-on experience with CI/CD methodologies and tools that support modern deployment into public cloud, and the associated security best practices
  • Proficiency with public cloud automation services such as Systems Manager (SSM), Lambda, Cloud Functions, etc.
  • Experience with log aggregation/data analytics tools such as Splunk, Microsoft Sentinel, etc.
  • Familiarity with the security constructs of SaaS and PaaS offerings such as Snowflake and MongoDB is desired
  • Windows and UNIX operating systems, specifically command-line use and basic file system knowledge
  • Prior experience with security-oriented tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, CrowdStrike, Tanium, etc. is an advantage
  • Industry-accredited certifications are required. Candidates with relevant security certifications (e.g. AWS Security Specialty, GCP Professional Cloud Security Engineer, CKA/CKS, SC-200, SC-400, AZ-500) will be preferred; candidates without certification must be willing to pursue them during employment.

What we offer:

  • Medical, dental and vision coverage
  • 401(k)
  • Life, accident and disability insurance
  • Wellness programs
  • Paid time off packages, including vacation, sick leave and paid holidays
  • Discretionary and formulaic incentive and retention awards

Additional Information:

Job Posted:
May 31, 2025

Expiration:
August 25, 2025

Employment Type:
Full-time
Work Type:
Hybrid work