Job description

About Citi: Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services. Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together. Citi'sSecurity Operations Center (SOC) Cloud Incident ResponseTeam seeks a highly skilled and experienced M365Incident Response practitionerto support critical efforts aimed at protecting Citi public cloud infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a technical subject matter expert and as an ambassador for the Cloud Incident Response team. You will be assigned to Citi's SOC and will collaborate closely with a talented cadre of cloud security specialists and incident responders to react urgently tosecurity events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing Citi's security posture. This position will be technically challenging and rewarding, but will also provide ample opportunity to establish partnerships, mentor colleagues and shape team culture.One guarantee is that no two days will be the same Responsibilities Act as a subject matter expert on incident response for Entra ID and M365 set of services Collaborate across teams to develop capabilities that support incident response and forensic analysis of M365 incidents Designing, implementing, and participating in the incident response processes specific to Entra ID and M365 deployments Develop, document and maintain operationally effective playbooks to deal with cloud based incidents Collaborate with global multidisciplinary groups for triaging and defining the scope oflarge scaleincidents Document andpresent investigative findings for high profile events and other incidents of interest Participate in readiness exercises such as purple team, table tops, etc. Trainjunior colleagues on relevant best practices Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions Provide Information Security advice and counsel as needed Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency Qualifications: Consistently demonstrates clear and concise written and verbal communication Proven influencing and relationship management skills Strong understanding of security incident response processes, excellent technical documentation skills and proven analytical skills Knowledge of the tools and processes to provide operational security support to the Microsoft 365 (M365) ecosystem Advanced proficiency with Microsoft 365 services and their security configurations Hands-on experience with M365 including configuration, analysis and pivoting through large data sets and security best practices Experience with Identity and Access Management and M365 services - OneDrive, Teams, SharePoint, Exchange Online, etc. Proficient with Azure/M365 tenant capabilities and roles that support incident response/forensic analysis Experience with various log aggregation/data analytics tools, such as Splunk, Elasticsearch, etc. Industry-accredited certifications will be required. Candidates with M365 security certifications (ex: M365 Information Protection Administrator Associate, M365 Security Operations Analyst/Associate, M365 Certified Security Administrator Associate, etc.) and other cloud security certifications (for example: AWS, GCP, Azure, etc.) will be preferred. Candidates without certification must be willing to pursue them during the course of employment Education: Bachelor's degree/University degree or equivalent experience with 5+ years of relevant M365/Azure experience. Master's degree preferred. This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. ------------------------------------------------------ Job Family Group: Technology ------------------------------------------------------ Job Family: Information Security ------------------------------------------------------ Time Type: Full time ------------------------------------------------------ Primary Location: Irving Texas United States ------------------------------------------------------ Primary Location Full Time Salary Range: $125,760.00 - $188,640.00 In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire ------------------------------------------------------ Most Relevant Skills Please see the requirements listed above. ------------------------------------------------------ Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. ------------------------------------------------------ Anticipated Posting Close Date: Dec 31, 2025 ------------------------------------------------------ Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.

Requirements