SANS ISC: InfoSec Jobs

CSIS Cyber Programs Manager DevOps

Company: Citi
Location: Irving TX or Tampa FL
Preferred GIAC Certifications: GIAC
Travel: 10%
Salary: Not provided
URL: https://citi.wd5.myworkdayjobs.com/2/job/Irving-Texas-United-States/CSIS-Cyber-Program-DevOps-Engineer_20235381-1
Contact Name: Apply via Webpage
Contact Email: mshrewsbury/at/sans.org
Expires: 2021-06-10

Job Description

Opportunity

Citi's Global Cyber Investigations Team seeks a highly skilled DevSecOps engineer to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the global investigations team. You will be assigned to Citi's Cyber Security Fusion Center and will support a talented cadre of security specialists and incident responders in their efforts to react aggressively to urgent security events. Your actions will impact security decisions across the organization, and play an important part in maturing the fusion center's team-of-teams operation.

Responsibilities

As a DevSecOps Engineer in the Cyber Security Fusion Center your primary responsibility is to develop and maintain infrastructure and applications that directly support cyber investigators as they respond to critical security events. Related activities include but are not limited to:

Architect, design, develop, deploy, maintain and support infrastructure and applications to support cyber investigations in both on-premise and cloud environments

Collaborate with fusion center partners to strengthen feedback loops around common data schemas, frameworks and taxonomies

Establish and maintain versioned code repositories

Automate high-value, high-cost work streams to improve efficiency and reduce cycle times

Support investigator actions aimed at disrupting, containing, eradicating, and remediating cyber threats

Qualifications

You should be all of the following:

A skilled and creative engineer. Success will depend on your ability to:

Stay current with the evolving landscape of relevant applications, tools and DevOps best practices

Write clean, efficient, well-documented code

Maintain a versioned code repository

Pursue and champion APIs, automation, scalability and high availability

A goal-oriented individual contributor. Success will depend on your ability to:

Stay motivated and work independently with minimal oversight

Adapt to changing requirements in a fast-paced environment

Multitask and meet deadlines despite competing priorities

Navigate operational impediments in order to complete time-sensitive tasks

Identify and document any opportunities for process improvement

A reliable team player. Success will depend on your ability to:

Practice mutual respect at all times

Establish trust and build strong partnerships

Resolve conflict in a constructive manner and use it as an opportunity to develop team unity

Prioritize collective success ahead of individual ambition

A great communicator. Success will depend on your ability to:

Establish clear narratives to describe any observations and recommendations

Clearly and concisely articulate goals and expectations to your direct reports and other teammates

Motivate colleagues and partners to cooperate and support as needed

Exert influence both verbally and in writing

Minimum Requirements

Education and Experience

Bachelor’s degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.

Minimum 5 years of professional experience as an application developer, system architect and/or DevSecOps engineer, or demonstrated equivalent capability.

Knowledge and Skills

Strong understanding of SDLC best practices and agile methods

Strong understanding of how computer applications, systems, and networks are managed and secured.

Proficient in an object-oriented programming language (e.g. Python, C#, Java)

Proficient in a scripting language (e.g. Bash, PowerShell)

Proficient in any query language (e.g. SQL)

Working knowledge of assembly or low-level languages (e.g. C)

Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)

Working knowledge of REST API development and maintenance, including use of documentation engines such as Swagger

Working knowledge of virtualization products (e.g. VMware Workstation)

Working knowledge of versioned code repositories (e.g. Git, Bitbucket)

Working knowledge of agile knowledge management tools (e.g. Jira, Confluence)

Basic knowledge of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTPs)

Other

Must have flexibility to work outside of normal business hours when necessary

Preferred Requirements

Education and Experience

Graduate degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.

Minimum 8 years of professional experience as an application developer, system architect and/or DevOps engineer

Prior experience with information technology and/or information security in the financial services industry

Prior experience with application deployment and support in cloud environments (e.g. AWS, GCP, Azure), including use of specific tools such as CloudFormation and Terraform.

Prior experience with containerization methods and tools (e.g. Docker, Kubernetes)

Prior experience with DevSecOps, including CI/CD methods and tools (e.g. Jenkins, Travis, AWS CodeBuild)

Prior experience with a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit) and related scripting (e.g. EnScripts, EnConditions)

Prior experience with some of the following tools: Splunk, Volatility, YARA, FastAPI, CrowdStrike Falcon, SIFT Workstation, Security Onion, Wireshark, Plaso, Nuix, IBM I2, Metasploit, ServiceNow.

Prior experience with database design and administration

Knowledge and Skills

Any professional certifications issued by GIAC, AWS, etc.

Working knowledge of security and/or incident response in cloud environments

Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE ATT&CK, Cyber Kill Chain, STIX)

Working knowledge of reverse engineering, vulnerability discovery/analysis, and/or exploit development

Working knowledge of the OSI model

Working knowledge of network components such as switches, routers and firewalls in both Windows and Linux environments

Basic knowledge of cyber forensic procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody

Basic knowledge of digital forensic analysis

Job Family Group: Corporate Services

Job Family: Investigations

Time Type: Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.