This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Go beyond traditional analysis and become a proactive threat hunter at the heart of Citi's global security operations. The CSIS Advanced Analytics and Cyber OSINT program seeks a senior Intelligence Lead Analyst to design, lead, and mature our threat hunting capabilities. In this pivotal role, you will transform open-source information into actionable intelligence, safeguarding the assets, integrity, and reputation of Citi and its clients against emerging threats.
Job Responsibility
Analyze regional threat data and determine a correlation if any, to existing intelligence requirements
Monitor and research cyber threats with a direct or indirect impact to the Citi brand
Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities
Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks
Evaluate networks and programs to assess potential weaknesses and points of entry
Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact
Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities
Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
Requirements
6-10 years of relevant experience
Working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats
Proven track record of operationalizing cyber threat intelligence
Consistently demonstrates clear and concise written and verbal communication
Proven influencing and relationship management skills
Proven analytical skills
Bachelor’s degree/University degree or equivalent experience
Proficiency in the MITRE ATT&CK framework
Hands-on experience with Threat Intelligence Platforms including Recorded Future, Mandiant Advantage, ThreatConnect, MISP, or OpenCTI
Experience with scripting and automation languages including Python, PowerShell, and Bash
Advanced OSINT tradecraft including dark web monitoring, social media intelligence, infrastructure pivoting, and digital footprint analysis
Experience with link analysis platforms such as Palantir, Maltego, and i2 Analyst's Notebook
Solid understanding of network forensics, log analysis, and reverse engineering
Working knowledge of malware analysis (static and dynamic) and adversary infrastructure analysis
Exceptional written and verbal communication skills
Proven influencing, relationship management, and analytical skills
Nice to have
Master’s degree preferred (Advanced degree preferred, ideally in Computer Science, Cybersecurity, Information Security, or a related STEM discipline)
Additional valued certifications include: CREST CCTIM, Recorded Future Certified Analyst, CISSP, CEH, or OSCP
What we offer
Discretionary and formulaic incentive and retention awards
medical, dental & vision coverage
401(k)
life, accident, and disability insurance
wellness programs
paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays