The Advanced Cyber Defense (ACD) team is a group inside the Citi Security Operations Center (SOC). The ACD is a full-time threat hunt team that focuses on advanced threat analysis, custom threat detection techniques, process improvement and evaluation of new security tools and technology. ACD team members are subject matter experts in multiple cyber security disciplines including threat hunting, content creation, network and end-point log analysis, malware analysis, Windows/Linux/Unix command line and scripting. ACD team member duties include but not limited to development of new SOC processes and procedures to enhance operations, research in emerging cyber security threats, participation and contribution as a Subject Matter Expert (SME) in major security events and provide guidance to SOC Tier 1 and SOC Tier 2 analysts.
Principle Responsibilities:
- Proactively hunt for potential malicious activities in the bank’s environment
- Research and identify emerging cyber security threats
- Enhance current deployment of commercial tools used by Security Operations Center.
- Participate in major security events as subject matter expert.
- Development of new tools, processes and procedures to enhance SOC monitoring and analysis capabilities
- Evaluate new technologies against SOC requirements in proof of concepts
- Provide guidance to SOC Tier 1 and SOC Tier 2 analysts
Requirements:
The candidate should have Security Operations Center / Threat Hunt / Incident Response experience. He/she should be able to perform the SOC analyst Tier 3 duties in addition to following experience and advanced threat analysis skills:
- 8+ years working in the security & operations fields
- Bachelor's Degree or higher preferred
- Possess strong fundamental knowledge of network (TCP/IP) and operating system (Windows/Linux)
- Hands-on experience with cyber security solutions; SIEM, AV, NIDS, EDR etc
- Ability to investigate network traffic, read and interpret logs and packet captures
- Ability to investigate email threats; Email sample analysis, handling phishing campaigns etc
- Experience in web/shell programming and debugging codes
- Experience in cloud computing and security controls
- Familiar with malware and memory analysis techniques
- Critical thinking and analytical skills
- Good written and oral communications skills
- Team player with the ability to work independently
- Experiences in malware analysis and/or reverse engineering is a plus.
