SOC Incident Response Manager - Senior Vice President jobs in United States

Citi · 4 days ago

SOC Incident Response Manager - Senior Vice President

Citi, the leading global bank, is seeking a SOC Incident Response Manager - Senior Vice President. This role involves leading a global team of incident responders, overseeing incident response functions, and driving strategic initiatives to enhance cybersecurity capabilities.

Banking, Finance, Financial Services

H1B Sponsor Likely

Responsibilities

Lead, mentor, and manage a global team of 6-10 Security Operations Center Incident Responders, fostering a culture of excellence and continuous improvement
Oversee and direct incident response functions, ensuring adherence to established playbooks and best practices across diverse computing environments
Drive strategic initiatives to enhance incident detection, containment, and eradication capabilities
Lead and support in-depth triage and investigations of urgent cyber incidents
Manage team performance, conduct regular reviews, and facilitate career development for direct reports
Ensure the team effectively performs host-based analytical functions (e.g., digital forensics, metadata analysis, malware analysis, etc.) by investigating Windows, Unix-based, appliance, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs)
Oversee the creation and tracking of metrics based on the MITRE ATT&CK Framework and other standard security-focused models, using these to drive continuous improvement
Lead collaboration with application and infrastructure stakeholders to identify key components and information sources, such as the various environments involved (on-premises versus other distributed systems), servers, workstations, middleware, applications, databases, logs, etc.
Direct incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities
Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents
Direct the documentation and presentation of investigative findings for high-profile events and other incidents of interest to senior leadership
Lead and participate in readiness exercises such as purple team exercises, tabletop exercises, etc.
Develop and implement training programs for junior and mid-level colleagues on relevant best practices and advanced incident response techniques
Act as a key escalation point for critical incidents and provide expert guidance to the team

Qualification

Cybersecurity, Incident Response, Digital Forensics, Leadership, Cloud Infrastructure, Containerization, Advanced Certifications, Scripting, Networking Protocols, Stakeholder Management, Communication, Problem-Solving, Adaptability, Decision-Making

Required

Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
10+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability
5+ years hands-on working in cyber incident response and investigations, with at least 3 years in a leadership or management capacity, overseeing medium to large global teams, with exposure to various computing environments including cloud and traditional infrastructure
Proven experience in leading, mentoring, and developing technical teams
Demonstrated expertise or oversight in Dev/Sec/Ops practices within various computing environments
Deep understanding and experience with common services and platforms from a security and incident response perspective
Proven experience leading or directing forensic investigations or large-scale incident response efforts across diverse environments
Strong understanding and strategic leadership in containerization methods and tools (e.g., Docker, Kubernetes), including incident response and digital forensics considerations
Advanced certifications (e.g., GIAC, CISSP) in security or equivalent expertise
Demonstrated ability to lead teams in analyzing and pivoting through large data sets during incident investigations
Extensive experience in leading digital forensics activities (e.g., computer, network, mobile device forensics, and forensic data analysis), including:
    Memory collection and analysis from various platforms
    Evidence preservation, following industry best practices
    Familiarity with malware analysis and reverse engineering of samples (e.g., static, dynamic, de-obfuscation, unpacking)
    In-depth file system knowledge and analysis
    In-depth experience with timeline analysis
    In-depth experience with Registry, event, and other log file and artifact analysis
    Hands-on experience with a DFIR toolset and related scripting
    Current expertise with an EDR system
Multiple advanced GIAC (e.g., GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications
Experience in Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge
Proficient in basic scripting and automation of tasks (e.g., C/C++, PowerShell, JavaScript, Python, bash, etc.)
Leadership & Mentorship: Ability to inspire, motivate, and develop a high-performing global team
Strategic Thinking: Capacity to define and execute incident response strategy aligned with business objectives
Communication: Excellent verbal and written communication skills for presenting complex technical information to both technical and non-technical audiences, including senior management
Stakeholder Management: Proven ability to build and maintain strong relationships with internal and external stakeholders
Decision-Making: Sound judgment and decision-making skills under pressure during critical security incidents
Problem-Solving: Advanced analytical and problem-solving skills to guide the team through complex technical challenges
Adaptability: Ability to adapt to rapidly changing threat landscapes and evolving technologies
Working knowledge of networking protocols and infrastructure designs, including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.)
Working knowledge of virtualization products (e.g., VMware Workstation)
Must have flexibility to work outside of normal business hours when necessary to lead incident response efforts

Benefits

Medical, dental & vision coverage
401(k)
Life, accident, and disability insurance
Wellness programs
Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays

Company

Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress.

H1B Sponsorship

Citi has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; highlighted segment represents job fields similar to this job]

Trends of Total Sponsorships (by year)
2025: 1386
2024: 849
2023: 1375
2022: 1117
2021: 876
2020: 901

Funding

Current Stage
Late Stage

Leadership Team

James Monahan
Managing Director / Global Head of Asset Servicing
Naveed Sultan
Managing Director, Chairman, Institutional Clients Group
Company data provided by crunchbase