- Permanent, Full time
- Citibank NA
- 19 Feb 18
GF - Information Security Analyst (Core Team – Forensics)
- Primary Location: Singapore, Singapore, Singapore
- Education: Bachelor's Degree
- Job Function: Security
- Schedule: Full-time
- Shift: Day Job
- Employee Status: Regular
- Travel Time: Yes, 10 % of the Time
- Job ID: 17054079
The Core Team analyst position requires a high level of expertise in the analysis of cyber threat information designed to increase Citi's cyber threat awareness and protection levels. This position will be a part of the Citi Security & Investigative Services (CSIS) Core Team program in collaboration with CSIS cyber investigations and the Global Information Security (GIS) Core Team program across the globe.
CSIS is a full-service security and investigative team that protects the assets, integrity, and reputation of Citi and its clients. We accomplish this by offering in-house professional security services and independent investigations to clients across all of Citi's businesses and regions, and partnerships with other Citi business groups, law enforcement agencies, governments and industry counterparts.
The Cyber Security Fusion Centers (CSFCs) within CSIS and GIS combine a variety of cyber security functions in a "team of teams" concept that focuses on ensuring Citi is protected from internal and external cyber threats.
In support of the Cyber Security Fusion Center (CSFC) mission, the CSIS CSFC Core Team is responsible for analyzing cyber threat information designed to increase Citi's cyber threat awareness and protection levels. By providing awareness, indications, warnings, and operational readiness, the CSFC Core Team protects the Citi brand, global business operations, technology infrastructure and client trust against cyber threats worldwide. Based in Singapore, this position will report to the CSIS CSFC Core Team Manager. This position will be a part of the CSIS Core Team program in collaboration with CSIS cyber investigations and the Global Information Security (GIS) Core Team program across the globe.
- Conduct analysis and publish cyber security related information in a timely fashion
- Assess cyber risk; analyze information creatively; identify lynchpin arguments that support analytic conclusions
- Identify data points that, if changed, would change or undermine key arguments in analytical and awareness products
- Contrast and compare new information with previously acquired information; and make use of limited, ambiguous, unreliable, and deceptive information
- Publish cyber security reports and analytical activity that adequately represent and defend a viewpoint on security topics, emphasizing enterprise decisions to prevent, detect, or alert information security professionals while considering other business cases
- Maintain a constant awareness of CSFC team actions, significant internal and external information security incidents, and changes in Citi information security policy, procedure or technology, and events that indicate change to material risk at Citi
- Contribute to the CSFC Core Team in all areas in which the work of CSFC Teams has touch points, whether through analytic research or incidents, and accurately translate them into situation or analytic reports
- Contribute to the CSFC Core Team on the publication of Global CSFC communications for products such as daily and weekly Cyber Reports, Monthly Technical Reports, ad hoc Situation Reports, Fusion Tracker summaries and internal publications
- Conduct briefings to internal and external audiences on the CSFC mission, current cyber threat landscape, and CSFC team actions, particularly in the event of a significant cyber incident
- More than 3 years of experience in the production of cyber intelligence, cyber security risk assessments, and cyber awareness white papers.
- Strong understanding of:
  - Forensic analysis, threat intelligence, adversary hunting, anomaly detection and analysis, and the discovery of previously undiscovered cyber threats or attacks
  - Network protocols and operating system structures and hierarchy
  - Security Operations Center tools, methods, and procedures
  - Leveraging big data to conduct analysis to identify information of value related to cyber risks and artifacts.
- Broad knowledge of business processes including business operations, information technology, security, fraud investigations, and intelligence production
- Exceptional project management skills. Ability to coordinate several projects simultaneously and supervise the execution of daily duties with minimal supervision.
- Strong organizational and facilitation skills.
- Highly developed communication and presentation skills.
- Experience analyzing large data sets.
- Strong understanding of Advanced Persistent Threat (APT) actors, cyber criminals, their motivations, skillsets, toolsets and intent.
- Operate under the mode of thinking that a network is always in a state of compromise in order to detect persistent activity that is not otherwise detected by existing process, procedure and technology
- Minimum BA preferred; postgraduate degrees welcomed
- Degrees in national security, public policy, international affairs, political science, English, philosophy, cyber intelligence and various technology and analytics fields preferred
- Exceptional written and oral communication skills essential
- Proven ability to analyze information and publish reports
- Ability to think critically about topics and offer creative conclusions
- Understanding of cyber security topics, the internet, and security with a passionate desire to learn more
- Experience working in a security operations, network operations, intelligence assessment or cyber fusion center environment preferred.
- Experience formatting and editing Word, PowerPoint and PDF documents
- Demonstrated ability to collaborate on information technology related topics with multiple teams
- Ability to quickly analyze information to determine its significance, validate its accuracy and assess its reliability, and to present findings to both technical and non-technical audiences
- Driven, self-motivated and able to work independently with little oversight.
- Demonstrated capability to create products on a recurring basis incorporating findings from cross-functional and cross-enterprise teams
- Strong understanding of the tools and sources available to conduct cyber security alerting, analysis, and enhanced situational awareness
- Ability to manage changes in priorities frequently and remain productive and effective