Lead Cloud Incident Responder

Citi

Location:
United States, Irving

Category:
IT - Administration

Contract Type:
Employment contract

Salary:

Not provided

Job Description:

Citi’s Cloud Incident Response (Cloud IR) team seeks a Lead Incident Responder to lead and oversee the organization’s incident response operations within the public cloud environments. This role includes leading incident response operations, identifying gaps in cloud security response capabilities, managing a high-performing security operations team, and liaising with senior leadership.

Job Responsibility:

  • Own and lead Citi’s response to security incidents in our cloud platforms (comprising mainly AWS, GCP and Red Hat OpenShift), acting as the Incident Commander during security incidents and exercises
  • Build and sustain a small high-performing security operations team skilled in managing cloud incidents
  • Collaborate with relevant engineering teams to gain an in-depth and accurate understanding of Citi’s cloud landscape along with CI/CD tools, processes and procedures
  • Proactively identify gaps in cloud security response capabilities (processes, procedures, automation and playbooks) and take ownership to deliver and mature these continually
  • Ensure readiness for various incident response scenarios based on historical data, while also proactively identifying new threat vectors to consider
  • Identify and pursue areas where AI & Automation can help mature current Incident Response workflows to make them effective and efficient
  • Oversee the day-to-day duties of any technical contractors and provide regular feedback and direction
  • Liaise with senior leadership to represent the team on various leadership briefings showcasing team excellence
  • Provide occasional flexibility to support critical security incidents when they occur out of regular office hours.

Requirements:

  • Strong technical expertise in relevant Cloud security tools and technologies (e.g. EDR, SIEM, Container security, SSPM, CNAPP, etc.)
  • Relevant leadership skills with the ability to inspire, mentor and manage high-performing incident response practitioners
  • Exceptional communication and presentation skills to simplify and convey complex technical matters to senior security stakeholders and leadership
  • Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills highly desirable
  • Deep knowledge of public cloud services that are used in the building blocks of modern cloud-native containerized applications
  • Advanced proficiency with cloud security focused services such as GuardDuty, SCC, IAM, etc.
  • Hands-on experience with CI/CD methodologies and tools that support modern deployment practices into public cloud and associated security best practices
  • Proficient with public cloud services focused on automation such as SSM, Lambda, Cloud Functions, etc.
  • Experience with various log aggregation/data analytics tools, such as Splunk, Sentinel, etc.
  • Familiarity with security constructs of SaaS and PaaS offerings such as Snowflake, MongoDB desired
  • Prior experience of using tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, CrowdStrike, Tanium, etc. is an advantage
  • Industry-accredited certifications will be required. Candidates with relevant security certifications (e.g. AWS Security Specialty, GCP Professional Security Engineer, CKA/CKS, etc.) will be preferred. Candidates without certification must be willing to pursue them during employment.

Nice to have:

  • Familiarity with security constructs of SaaS and PaaS offerings such as Snowflake, MongoDB
  • Prior experience of using tools such as Aquasec, Twistlock, Wiz, Lacework, AppOmni, CrowdStrike, Tanium.

What we offer:

  • Medical, dental & vision coverage
  • 401(k)
  • Life, accident & disability insurance
  • Wellness programs
  • Paid time off packages including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Discretionary and formulaic incentive and retention awards.

Additional Information:

Job Posted:
May 31, 2025

Expiration:
August 25, 2025

Employment Type:
Full-time

Work Type:
Hybrid work