The Citi Cyber Intelligence Center (CIC) is part of the Chief Information Security Office (CISO) and is responsible for analyzing cyber threat information designed to increase Citi's cyber threat awareness and protection levels by providing awareness, indications, warnings, and operational readiness. The CIC protects the Citi brand, global business operations, technology infrastructure, and client trust against cyber threats worldwide. In support to this mission, the CIC Analysis Team is responsible for providing various cyber threat alerts, reports, briefings, and other products and services for Citi stakeholders.

The Intelligence Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

The position will be the first of a number of analysts positions offered in Dublin, with other team members across EMEA and other regions. Analysts will report up to the Threat Intelligence International Cluster Head based in London.

The position is offered as a hybrid work role, which requires the analyst to be present in the Dublin office 3 days per week as a requirement.

Responsibilities:

• Actively monitor and research cyber threats with a direct or indirect impact to Citi and examine associated tools, techniques, and procedures (TTP) to reconstruct attacker workflows.
• Produce quality, timely, and actionable alerts that drive decision making across the firm.
• Extensive knowledge of Indicators of Compromise (IOCs) and ability to conduct pivots via paid and open-source tooling.
• Map threats to the MITRE ATT&CK framework and communicate effective mitigation procedures where appropriate.
• Expand research and information scope using common enrichment platforms, including creating YARA rules for indicator pivoting and hunting.
• Produce actionable cyber threat intelligence products using a variety of internal and external sources that describe trends and shifts in the cyber threat landscape.
• Support CIC requests and investigations and interact with global Citi CIC and Citi Cyber Security Fusion Center staff members in a Follow-the-Sun model.
• Regularly provide intelligence briefs to technical, non-technical, and senior-level audiences.

Requirements:

• Has 1-3 years of experience working in a technical analysis function including but not limited to threat hunting, malware analysis, forensics, or incident response.
• Maintains technical proficiency in the use of tools, techniques, and countermeasures. Evaluates tools, services, and processes to enhance the team’s threat analysis capability.
• Ability to discern patterns of threat actor behavior at the technical level. Deep understanding of threat actor capabilities, motivations, and tool sets to assess risk.
• Experience with threat intelligence vendors and platforms
• Maintains an understanding of the threat intelligence lifecycle. 
• Must possess strong writing, and critical thinking/analysis skills.
• Must be a self-starter, self-motivated and able to work independently with little oversight in a fast-paced, operationally focused environment.
• Bachelor’s degree/University degree or equivalent experience, preferably in one of the following areas: cybersecurity / information security / information technology / computer science

Preferred Qualifications:

• Has a minimum of 2+ years of experience working in a cyber threat intelligence related function (defense/law enforcement/private sector).
• Certifications, including CISSP, GIAC’s GREM, GCFA and/or GCTI.
• Graduate degree in one of the following areas: cybersecurity / information security / information technology / computer science.
• Previous work in financial industry.
• Basic knowledge of financial payment systems (example: SWIFT).

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting