Lead Fraud SIEM Content Developer, Citi

Citi

Location:
United States, Tampa

Category:
IT - Administration

Contract Type:
Employment contract

Salary:

141440.00 - 212160.00 USD / Year

Save Job

Apply Position

Job Description:

The Lead Fraud SIEM Content Developer is a senior lead level position critical to driving proactive defense against fraud-related information/data breaches and cyber-attacks. This role is responsible for leading a team of Splunk ES content developers who focus on building and maintaining a robust and effective fraud detection capability within Citi's Security Operations Center.

Job Responsibility:

lead and mentor a team of Splunk ES developers, fostering a collaborative and high-performing environment
define and maintain the overall architecture and roadmap for Splunk ES content related to fraud detection, ensuring alignment with the SOC's strategic objectives
stay abreast of emerging fraud trends, attack vectors, and industry best practices to continuously enhance the team's detection capabilities
oversee the design, development, testing, and implementation of high-fidelity Splunk ES alerts and dashboards specifically tailored for fraud detection use cases
ensure content is well-documented, easily maintainable, and adheres to established coding standards and best practices
collaborate closely with SOC analysts to understand their operational workflows and tailor content to meet their investigative needs
partner with various internal teams (e.g., Applications Development, Threat Intelligence, and Incident Response) to integrate fraud detection capabilities into existing security processes
communicate effectively with both technical and non-technical stakeholders across different levels of the organization, providing regular updates on the team's progress and addressing any concerns
continuously evaluate and recommend new and emerging technologies that can enhance the team's ability to detect and respond to sophisticated fraud attempts

Requirements:

8+ years' experience performing Security Event monitoring and analysis specifically around Fraud incidents and events monitoring
strong understanding of fraud detection methodologies, techniques, and tools, with a focus on leveraging Splunk ES to its full potential
experience working in a financial services large-scale or enterprise environment
proven experience as a Security Architect or Application Architect with deep knowledge of security principles and best practices
extensive experience with Splunk ES, including content development, dashboarding, and alert creation
strong scripting skills (e.g., Python, PowerShell) for automating tasks and integrating with other security tools
demonstrated ability to lead and motivate technical teams, providing guidance, mentorship, and support
excellent communication skills, both written and verbal, with the ability to effectively convey complex technical information to diverse, technical and non-technical audiences
advanced analytical and problem-solving skills, with a proven ability to identify and troubleshoot complex technical issues
strong attention to detail and commitment to delivering high-quality work

Nice to have:

relevant industry certifications (e.g., Splunk Certified Architect, CISSP, CISM)
willingness to obtain certification within first 12-18 months of employment

What we offer:

medical, dental & vision coverage
401(k)
life, accident, and disability insurance
wellness programs
paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
discretionary and formulaic incentive and retention awards

Additional Information:

Job Posted:
September 05, 2025

Expiration:
September 11, 2025

Employment Type:

Fulltime

Work Type:

Hybrid work

View All Jobs In This Company

Job Link Share:

Lead Fraud SIEM Content Developer