CIRT Intermediate Investigator Citi
Irving, TX

Job Description

* Primary Location: United States,Texas,Irving
* Education: Bachelor's Degree
* Job Function: Corporate Services
* Schedule: Full-time
* Shift: Day Job
* Employee Status: Regular
* Travel Time: Yes, 10 % of the Time
* Job ID: 19018962

Description

About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

Description:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

The CSIS Cyber Investigation Response Team (CIRT) Investigator is responsible for the investigation life cycle of all Information Security incidents impacting Citigroup. The position requires the individual to be available 24 x 7 x 365 and to travel when required. All incidents are reviewed, triaged, and investigated when necessary to determine root cause, business impact, customer and regulatory notification requirements, as well as any potential franchise or reputational risk to the franchise. CIRT Investigators are expected to operate outside of vendor tools and be able to directly interface with raw data (Netflow, PCAP, Windows Event Logs, BlueCoat Proxy Logs, DHCP logs, Cisco Firewall Logs, etc). The role requires highly specialized technical skills and subject matter expertise in the area of network forensics and information security. Strong communication and diplomacy skills are required and the ability to evaluate extremely complex and variable issues with substantial potential impact, where development of an approach/action involves weighing various alternatives and balancing potentially conflicting situations using multiple sources of information. Requires good analytical skills in order to filter, prioritize and validate potentially complex and dynamic material from multiple sources

Key Roles & Responsibilities

* Develop analytical techniques for large data sets (proxy logs, flow, IDS, etc) for anomalous security related events
* Develop and perform data extraction and analysis using self-developed scripts, programs, and analytic tools
* Collect and document forensic artifacts to support the investigative effort
* Work with internal SME's and vendors to define signatures and processes for detecting the malware
* Actively engage with the Cyber Investigation Managers and Security Incident Management Team leads (SIM) to ensure they are kept apprised of any significant changes during the progress of an investigation
* Actively engage in liaison activities with, Law Enforcement, Industry Associations, peer institutions, and information sharing communities

Qualifications

* Minimum of Bachelor's degree, preferred Master's degree in computer science or related field or equivalent work experience.
* Previous US Intelligence, military and/or Law Enforcement background(s), a plus.
* 0-2 years of Information and / or Network Security Experience.
* Knowledge of important strategies used to gather events, analyze them, and determine if we have an incident.
* Knowledge of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.
* Knowledge of how buffer overflows work and how to defend against them.
* Knowledge of various client attacks and how to defend against them.
* Knowledge of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
* Knowledge of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
* Knowledge of the different kinds of Denial of Service attacks and how to defend against them.
* Knowledge of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.
* Knowledge of the general approaches to get rid of the attacker's artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.
* Knowledge of various network attacks and how to defend against them.
* Knowledge of the three methods of password cracking.
* Knowledge of public and open source reconnaissance techniques.
* Knowledge of scanning fundamentals; to discover and map networks and hosts, and reveal services and vulnerabilities.
* Knowledge of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks.
* Knowledge of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.
* Knowledge of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.
* Knowledge of what worms, bots and bot-nets are, and how to protect against them.
* Knowledge of at least one scripting language
* Expertise with Flow and PCAP Analysis
* 3+ years' experience in using malware research tools including dis-assemblers (IDAPro), debuggers (Immunity Debugger, OllyDbg), hex editors, un-packers, virtual machines, network sniffers / packet capture tools and other reverse engineering tools.
* 3+ years' experience with scripting or programming languages, including but not limited to Visual Basic, MySQL, C, C++, Perl, Python and / or SQL Oracle Database development.
* Familiarity with cyber-crime and cyber-attacks, responsible groups, motivations and TTP's.