As cybercriminals grow more sophisticated and news of major breaches reach headlines nearly daily, cybersecurity professionals are in high demand.
Continued advances in technology ensure that the clients and communities we support are now more connected than ever before. But with these new advances come more sophisticated cyber criminals and attacks against the public and private sector.
Citis Cyber Security rises to the challenge of our threat landscape by implementing effective situational awareness and improved communication, coordination and collaboration across our global footprint supported by forensic and knowledge management tools that capitalize on our understanding of the current threat landscape.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.
A Team of Teams - Citi Cyber Security team is comprised of 11 teams that work collaboratively on a daily basis: the Cyber Intelligence Center (CIC), Security Operations Center (SOC), Cyber Security & Investigative Services (CSIS), Global Intelligence Analysis (GIA), Vulnerability Assessment (VA), Security Incident Management (SIM), Advanced Adversary Interdiction (ADV2), Fraud, Third Party Information Security Assessment Process (TPISA), Office of Emergency Management (OEM), and Core Team. The combined analytic effort from these teams provides senior leaders with a more accurate picture of the cyber threat landscape
Cybersecurity jobs span a number of different roles with a variety of job functions.
In-demand roles include penetration testers, who go into a system or network, find vulnerabilities, and either report them to the organization or patch them themselves
Computer forensics experts conduct security incident investigations, accessing and analyzing evidence from computers, networks, and data storage devices. Security consultants act as advisors, designing and implementing the strongest possible security solutions based on the needs and threats facing an individual company.
The role(s) has the following principle accountabilities:
Responsible to monitors, analyses and responds to infrastructure threats and vulnerabilities on a 24x7 basis
Focuses on advanced threat analysis, custom threat detection techniques, SOC process improvement, and assisting in new security tools and technology evaluation
Tests various platforms, performs threat modeling, source code review, and application/infrastructure penetration testing in general
Provides deep-dive application vulnerability assessment services to Citi businesses globally through a comprehensive testing process, as well as identifying weaknesses and vulnerabilities within the system and proposing/implementing countermeasures
Supports plan, build and operate functions of various cyber security tools. Performs daily administration, management, configuration, testing, and integration tasks including capacity planning, change management, version/patch management, and lifecycle upgrade management
Service Development to understand the capabilities and functionalities of different services
Ensure proper documentation, escalation, tracking, and follow up of all provisioning related issues
Define/ Enhance service performance goals and metrics, and drive capacity management for required asset
The skills required to work in Citis Cyber Security team vary depending position.
Some of the key certifications good to have:
GPENGIAC Certified Penetration Tester
GXPNGIAC Exploit Researcher and Advanced Penetration Tester
OSCPOffensive Security Certified Professional
CEHCertified Ethical Hacker
GWAPTGIAC Web application Penetration Tester
GMOBGIAC Mobile Device Security Analyst
CICPCore Impact Certified Professional
GSSP- JavaGIAC Secure software Programmer Java
GCIHGIAC Certified Incident Handler
GREM - GIAC Reverse Engineering Malware
CHFI - Computer Hacking Forensic Investigator-
ArcSight Certified Security Analyst
ArcSight Certified Content Developer
Splunk for Analytics and Data Science
Check Point Certified Security Administrator (CCSA)