|Location||Irving TX or Tampa FL|
|Preferred GIAC Certifications||GIAC|
|Contact Name||Apply via Webpage|
Citi's Global Cyber Investigations Team seeks a highly skilled DevSecOps engineer to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the global investigations team. You will be assigned to Citi's Cyber Security Fusion Center and will support a talented cadre of security specialists and incident responders in their efforts to react aggressively to urgent security events. Your actions will impact security decisions across the organization, and play an important part in maturing the fusion center's team-of-teams operation.
As a DevSecOps Engineer in the Cyber Security Fusion Center your primary responsibility is to develop and maintain infrastructure and applications that directly support cyber investigators as they respond to critical security events. Related activities include but are not limited to:
Architect, design, develop, deploy, maintain and support infrastructure and applications to support cyber investigations in both on-premise and cloud environments
Collaborate with fusion center partners to strengthen feedback loops around common data schemas, frameworks and taxonomies
Establish and maintain versioned code repositories
Automate high value, high cost work streams to improve efficiency and reduce cycle times
Support investigator actions aimed at disrupting, containing, eradicating, and remediating cyber threats
You should be all of the following:
A skilled and creative engineer. Success will depend on your ability to:
Stay current with the evolving landscape of relevant applications, tools and devops best practices
Write clean, efficient, well documented code
Maintain a versioned code repository
Pursue and champion API's, automation, scalability and high-availability
A goal oriented individual contributor. Success will depend on your ability to:
Stay motivated and work independently with minimal oversight
Adapt to changing requirements in a fast paced environment
Multitask and meet deadlines despite competing priorities
Navigate operational impediments in order to complete time sensitive tasks
Identify and document any opportunities for process improvement
A reliable team player. Success will depend on your ability to:
Practice mutual respect at all times
Establish trust and build strong partnerships
Resolve conflict in a constructive manner and use as an opportunity to develop team unity
Prioritize collective success ahead of individual ambition
A great communicator. Success will depend on your ability to :
Establish clear narratives to describe any observations and recommendations
Clearly and concisely articulate goals and expectations to your direct reports and other teammates
Motivate colleagues and partners to cooperate and support as needed
Exert influence both verbally and in writing
Education and Experience
Bachelor’s degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
Minimum 5 years of professional experience as an application developer, system architect and/or devSecOps engineer, or demonstrated equivalent capability.
Knowledge and Skills
Strong understanding of SDLC best practices and agile methods
Strong understanding of how computer applications, systems, and networks are managed and secured.
Proficient in an object-oriented programming language (e.g. Python, C#, Java)
Proficient in a scripting language (e.g. Bash, PowerShell)
Proficient in any query language (e.g. SQL)
Working knowledge of assembly or low level languages (e.g. C)
Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
Working knowledge of REST API development and maintenance, including use of documentation engines such as Swagger
Working knowledge of virtualization products (e.g. VMware Workstation)
Working knowledge of versioned code repositories (e.g. Git, BitBucket)
Working knowledge of agile knowledge management tools (e.g. Jira, Confluence)
Basic knowledge of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTP's)
Must have flexibility to work outside of normal business hours when necessary
Education and Experience
Graduate degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, etc.
Minimum 8 years of professional experience as an application developer, system architect and/or devops engineer
Prior experience with information technology and/or information security in the financial services industry
Prior experience with application deployment and support in cloud environments (e.g. AWS, GCP, Azure), including use of specific tools such as CloudFormation and TerraForm.
Prior experience with containerization methods and tools (e.g. Docker, Kubernetes)
Prior experience with DevSecOps, including CI/CD methods and tools (e.g. Jenkins, Travis, AWS CodeBuild)
Prior experience with a DFIR toolset (e.g. EnCase, FTK, Sleuth Kit) and related scripting (e.g. EnScripts, EnConditions)
Prior experience with some of the following tools: Splunk, Volatility, YARA, FastAPI, CrowdStrike Falcon, SIFT Workstation, Security Onion, Wireshark, Plaso, Nuix, IBM I2, Metasploit, ServiceNow.
Prior experience with database design and administration
Knowledge and Skills
Any professional certifications issued by GIAC, AWS, etc.
Working knowledge of security and/or incident response in cloud environments
Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
Working knowledge of reverse engineering, vulnerability discovery/analysis, and/or exploit development
Working knowledge of OSI model
Working knowledge of network components such as switches, routers, firewalls in both Windows/Linux environments
Basic knowledge of cyber forensic procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody
Basic knowledge of digital forensic analysis
Job Family Group:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting