• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 15 Dec 17

GF - Information Security (Advanced Adversary – Forensics)

  • Primary Location: Singapore, Singapore, Singapore
  • Education: Bachelor's Degree
  • Job Function: Security
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: No
  • Job ID: 17054082


Job Summary
The Advanced Adversary (ADV2) analyst role requires a high level of expertise in conducting multiple cyber hunt operations to detect and prevent both known and unknown cyber-attacks impacting Citi, its clients, and partners. This position will be part of the Citi Security and Investigative Services (CSIS) ADV2 program, working in collaboration with CSIS cyber investigations and the Global Information Security (GIS) ADV2 program across the globe.
Business Description
Citi Security and Investigative Services (CSIS) is a full-service security and investigative team that protects the assets, integrity, and reputation of Citi and its clients. We accomplish this by offering in-house professional security services and independent investigations to clients across all of Citi's businesses and regions, and through partnerships with other Citi business groups, law enforcement agencies, governments and industry counterparts.
The Cyber Security Fusion Centers (CSFCs) within CSIS and GIS combine a variety of cyber security functions in a "team of teams" concept that focuses on ensuring Citi is protected from internal and external cyber threats.
Job Purpose
In support of the Cyber Security Fusion Center (CSFC) mission, the ADV2 team is responsible for detecting, identifying, and understanding advanced and determined cyber threats. Based in Singapore, this position reports to the CSIS CSFC ADV2 Manager. The incumbent will execute hunt missions and analysis as part of the CSIS ADV2 team in support of the CSFC ADV2 global program.
Key Responsibilities:
  • Conduct cyber threat analysis, alerting, and reporting based on intelligence and information gathered from both internal and external sources
  • Conduct research using multiple data sources, perform analysis and disseminate findings to senior Citi leaders
  • Maintain an expert understanding of Advanced Persistent Threat (APT) actors, their motivations, skillsets, toolsets and intent
  • Operate on the assumption that the network is always in a state of compromise, in order to detect persistent activity that existing processes, procedures and technology do not otherwise detect
  • Be part of a team that can perform deep inspection of both current and previous environmental indicators for indications of persistent attacker presence
  • Hunt down and respond to targeted threats and intrusions
  • Leverage big data platforms (Hadoop, Hive SQL) to conduct research and analysis
  • Drive the development of new threat intelligence and detections, and suggest hardening strategies
  • Drive changes needed to respond to emerging threats
  • Develop strategies and brief senior leadership on methods to improve internal investigation capabilities for responding to security events through tool building and training
  • Identify incidents of significance through fusion of current and historic threat data; determine impact, urgency and the audience to whom prevention, detection, mitigation and remediation guidance should be directed
  • Prepare written reports and give presentations to internal and external customers
  • Apply expertise to ascertain the impact of an attack and develop threat trends to develop mitigation techniques and countermeasures that can prevent future attacks
  • Enumerate adversaries' tradecraft to address asymmetric capabilities and enhance Citi's cyber tradecraft
  • Liaise with external partners to build greater situational awareness for the Cyber Security Fusion Center and its partners


  • Proven track record of conducting cyber hunt missions or performing cyber threat analysis in a Security Operations Center.
  • At least 3 years of experience in:
    • Conducting forensic analysis, threat intelligence, adversary hunting, anomaly detection and analysis, and the discovery of previously unknown cyber threats or attacks
    • Network protocols and operating system structures and hierarchy
    • IT and InfoSec, including cryptography and network/systems/physical security
    • Writing forensic reports and investigation summaries that cover the why, what, how, and when of a cyber-attack
    • Incident handling, including Level 1 experience
    • Analyzing indicators of compromise
    • Querying and analyzing Security Operations Center datasets using a variety of tools, including but not limited to Splunk
  • Broad knowledge of business processes including business operations, information technology, security, fraud investigations, and intelligence production
  • Exceptional project management skills: ability to coordinate several projects simultaneously and carry out daily duties with minimal supervision
  • Strong organizational and facilitation skills
  • Highly developed communication and presentation skills
  • Experience with enterprise level software tools to analyze large data sets.
  • Strong understanding of Advanced Persistent Threat (APT) actors, their motivations, skillsets, toolsets and intent
  • Operate on the assumption that the network is always in a state of compromise, in order to detect persistent activity that existing processes, procedures and technology do not otherwise detect
  • Minimum Bachelor's degree; postgraduate degrees and certifications welcomed
    • Degrees in information security, computer science, or computer engineering preferred
  • Demonstrated self-starter and resourceful individual, with experience of operating in fast paced and dynamic operational settings
  • Excellent communication, report writing, and presentation skills. Ability to effectively communicate, both orally and in writing, through all levels of the organization
  • Self-motivated with the ability and maturity to make decisions in the absence of detailed instructions
  • Ability to identify risk, notify stakeholders, and inform leadership of the risk posed along with courses of action.