Citi

M365 Incident Responder, VP

Citi

full-time

Posted on:

Origin:  • 🇺🇸 United States • Florida

Visit company website
AI Apply
Manual Apply

Salary

💰 $125,760 - $188,640 per year

Job Level

Lead

Tech Stack

AWSAzureCloudElasticSearchGoogle Cloud PlatformReactSplunk

About the role

  • Act as a subject matter expert on incident response for Entra ID and M365 set of services
  • Collaborate across teams to develop capabilities that support incident response and forensic analysis of M365 incidents
  • Designing, implementing, and participating in the incident response processes specific to Entra ID and M365 deployments
  • Develop, document and maintain operationally effective playbooks to deal with cloud based incidents
  • Collaborate with global multidisciplinary groups for triaging and defining the scope of large scale incidents
  • Document and present investigative findings for high profile events and other incidents of interest
  • Participate in readiness exercises such as purple team, table tops , etc.
  • Train junior colleagues on relevant best practices
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior , conduct and business practices, and escalating, managing and reporting control issues with transparency

Requirements

  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Strong understanding of security incident response processes
  • excellent technical documentation skills and proven analytical skills
  • Knowledge of the tools and processes to provide operational security support to the Microsoft 365 (M365) ecosystem
  • Advanced proficiency with Microsoft 365 services and their security configurations
  • Hands-on experience with M365 including configuration, analysis and pivoting through large data sets and security best practices
  • Experience with Identity and Access Management and M365 services - OneDrive, Teams, SharePoint, Exchange Online, etc.
  • Proficient with Azure/M365 tenant capabilities and roles that support incident response/forensic analysis
  • Experience with various log aggregation/data analytics tools, such as Splunk, Elasticsearch, etc.
  • Industry-accredited certifications will be required; M365 security certifications and other cloud security certifications preferred
  • Candidates without certification must be willing to pursue them during the course of employment
  • Bachelor’s degree/University degree or equivalent experience
  • 5+ years of relevant M365/Azure experience
  • Master's degree preferred