25823813 VP – Senior Cyber Threat Intelligence Analyst

Job Description

The Citi Cyber Intelligence Center (CIC) is part of the Chief Information Security Office (CISO) and is responsible for analyzing cyber threat information designed to increase Citi's cyber threat awareness and protection levels by providing awareness, indications, warnings, and operational readiness. The CIC protects the Citi brand, global business operations, technology infrastructure, and client trust against cyber threats worldwide. In support to this mission, the CIC Analysis Team is responsible for providing various cyber threat alerts, reports, briefings, and other products and services for Citi stakeholders.

The position is offered as a hybrid work role, which requires the analyst to be present in the Singapore office 3 days per week as a requirement.

Responsibilities:

• Actively monitor and research cyber threats with a direct or indirect impact to Citi and examine associated tools, techniques, and procedures (TTP) to reconstruct attacker workflows.
• Produce high quality, timely, and actionable alerts that drive decision making across the firm.
• Analyze Indicators of Compromise (IOCs) and conduct pivots via paid and open-source tooling.
• Map threats to the MITRE ATT&CK framework and communicate effective mitigation procedures where appropriate.
• Expand research and information scope using common enrichment platforms, including creating YARA rules for indicator pivoting and hunting.
• Produce actionable cyber threat intelligence products using a variety of internal and external sources that describe trends and shifts in the cyber threat landscape.
• Support CIC requests and investigations and interact with global Citi CIC, Citi Cyber Security Fusion Center, Security Operations Center (SOC), and Vulnerability Assessment (VA) staff members in a Follow-the-Sun model.
• Regularly provide intelligence briefs to technical, non-technical, and senior-level audiences.

Requirements:

• Has 4-6 years of experience working in a cyber threat intelligence related function (defense/law enforcement/private sector).
• Maintains an understanding of the threat intelligence lifecycle, cyber threat actors, and MITRE ATT&CK.
• Experience analyzing information derived from threat intelligence vendors and platforms
• Must possess strong writing, and critical thinking/analysis skills.
• Must be a self-starter, self-motivated and able to work independently with little oversight in a fast-paced, operationally focused environment.
• Bachelor’s degree/University degree or equivalent experience, preferably in one of the following areas: cybersecurity / information security / information technology / computer science
• Fluent in English (reading and writing)

Preferred Qualifications:

• Has 2-3 years of experience working in a technical analysis function including but not limited to threat hunting, malware analysis, forensics, or incident response.
• Maintains technical proficiency in the use of tools, techniques, and countermeasures. Evaluates tools, services, and processes to enhance the team’s threat analysis capability.
• Ability to discern patterns of threat actor behavior at the technical level. Deep understanding of threat actor capabilities, motivations, and tool sets to assess risk.
• Certifications, including CISSP, GIAC’s GREM, GCFA and/or GCTI.
• Graduate degree in one of the following areas: cybersecurity / information security / information technology / computer science.
• Previous work in the financial industry.
• Basic knowledge of financial payment systems (example: SWIFT).

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.