Cyber Threat Hunt Senior Analyst, VP

Cyber Threat Hunt Senior Analyst, VP

Citi is seeking a highly motivated and experienced Cyber Threat Hunt Senior Analyst to join our team in Irving, TX or Tampa, FL. This role is based in the Cyber Intelligence Center (CIC), which is part of the larger Chief Information Security Officer (CISO) organization. As a member of this team, you will use proactive threat intelligence from the CIC to conduct advanced, hypothesis-based threat hunts and sustain coverage over Citi's most advanced adversaries.

As a Cyber Threat Hunt Senior Analyst, you will be responsible for executing the team's structured hunt methodology. You will utilize your expertise in threat hunting methodologies, security tools, and data analysis techniques to uncover potential hidden threats and improve our overall security posture.

The position is offered as a hybrid work role, which requires the analyst to be present in the office 3 days per week as a requirement.

Responsibilities:

• Lead and conduct proactive, hypothesis-based threat hunting activities using various techniques and tools to identify malicious activity, potential security breaches, security gaps, and opportunities for improved detection strategies.
• Design, develop, and implement advanced threat hunting strategies based on industry best practices, threat intelligence, and organizational risk assessments.
• Analyze network traffic, system logs, and other data sources to detect anomalies, patterns, and indicators of compromise (IOCs).
• Collaborate with other security teams, such as the Security Operations Center (SOC), Incident Response, Red Team, and engineering teams to enhance security defenses and validate hunt findings.
• Architect, develop, and maintain comprehensive threat hunting playbooks, procedures, and documentation.
• Create and maintain detailed documentation for all hunt activities, including monthly hunt worksheets and formal hunt reports as part of the team's deliverables.
• Present findings to both technical and non-technical audiences, to include senior leaders and executive management.
• Serve as a subject matter expert (SME), providing advanced technical expertise and mentorship to other security team members.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 5+ years of experience in cyber security, with a focus on threat hunting, incident response, or security analysis.
• Expert understanding of networking protocols, operating systems, and security technologies.
• Proficiency in analyzing data from security tools such as SIEM, EDR tools, and log analysis platforms (e.g., Splunk).
• Experience analyzing logs from various sources including firewalls, WAFs, proxies, and cloud environments.
• Experience with threat intelligence platforms and threat hunting frameworks.
• Knowledge of common attack techniques, malware families, and threat actor tactics, techniques, and procedures (TTPs).
• Ability to develop and implement threat hunting strategies based on industry best practices and threat intelligence.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.

Preferred Qualifications:

• Security certifications such as GIAC Certified Reverse Engineering Malware (GREM), Certified Information Systems Security Professional (CISSP), or GIAC Certified Threat Hunter (GCTH).
• Proven experience with scripting languages such as Python or PowerShell for automating security tasks and data analysis.
• In-depth knowledge of cloud security concepts and technologies.
• Experience with reverse engineering malware.
• Applied knowledge of data science and machine learning techniques for security analysis.