Cyber Threat Senior Analyst
Listed on 2025-12-16
IT/Tech
Cybersecurity, Information Security
Overview
Citi, the leading global bank, is hiring a Cyber Threat Hunt Senior Analyst, VP in Irving, TX. The position is part of the Cyber Intelligence Center (CIC) under the Chief Information Security Officer (CISO) organization. The analyst will conduct proactive, hypothesis‑based threat hunts, use SIEM, EDR, and other security tools, analyze network traffic and logs, and produce findings for technical and executive audiences.
Key Responsibilities
- Lead and conduct proactive, hypothesis‑based threat hunting activities using various techniques and tools to identify malicious activity, potential security breaches, security gaps, and opportunities for improved detection strategies.
- Design, develop, and implement advanced threat hunting strategies based on industry best practices, threat intelligence, and organizational risk assessments.
- Analyze network traffic, system logs, and other data sources to detect anomalies, patterns, and indicators of compromise (IOCs).
- Collaborate with SOC, Incident Response, Red Team, and engineering teams to enhance security defenses and validate hunt findings.
- Architect, develop, and maintain comprehensive threat hunting playbooks, procedures, and documentation.
- Create and maintain detailed documentation for all hunt activities, including monthly worksheets and formal reports.
- Present findings to both technical and non‑technical audiences, including senior leaders and executive management.
- Serve as a subject‑matter expert (SME), mentoring other security team members.
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum 5+ years of experience in cyber security, focusing on threat hunting, incident response, or security analysis.
- Expert understanding of networking protocols, operating systems, and security technologies.
- Proficiency in analyzing data from security tools such as SIEM, EDR, and log analysis platforms (e.g., Splunk).
- Experience analyzing logs from firewalls, WAFs, proxies, and cloud environments.
- Experience with threat intelligence platforms and threat hunting frameworks.
- Knowledge of common attack techniques, malware families, and threat actor tactics, techniques, and procedures (TTPs).
- Strong analytical and problem‑solving skills.
- Excellent written and verbal communication skills.
- Security certifications such as GIAC Certified Reverse Engineering Malware (GREM), CISSP, or GIAC Certified Threat Hunter (GCTH).
- Proven experience with scripting languages such as Python or PowerShell for automating security tasks and data analysis.
- In‑depth knowledge of cloud security concepts and technologies.
- Experience with reverse engineering malware.
- Applied knowledge of data science and machine learning techniques for security analysis.
Full‑time, hybrid work model. Analyst will be present in the Irving, TX office 3 days per week.
Primary location:
Irving, TX, United States.
Base salary range: $ – $ per year, plus discretionary and formulaic incentive and retention awards where applicable. Benefits include medical, dental, vision, 401(k), life, accident, disability insurance, and wellness programs. Paid time off includes vacation, sick leave, and holidays. For more details, visit
EEO Statement
Citi is an equal‑opportunity employer. Qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law. If you have a disability and require accommodations, contact us. View Citi’s EEO Policy Statement and the Know Your Rights poster.