IT.Senior Security Analyst

About Citco

Citco is a global leader in fund services, corporate governance and related asset services with staff across 80 offices worldwide. With more than $1 trillion in assets under administration, we deliver end-to-end solutions and exceptional service to meet our clients’ needs.

For more information about Citco, please visit

About the Team & Business Line:

Proprietary software solutions and innovation are at the core of what differentiates Citco in the alternative investment space. Through our network of global development centres, Citco invests heavily in technology development, security, and infrastructure to ensure our clients continue to receive award-winning products that underpin our commitment to service excellence.

As a core member of our Security team you will work with dedicated professionals to ensure our clients maintain access to their critical information assets while keeping Citco ahead of industry trends.

Position Description:

This position calls for a Senior SOC Analyst with proven expertise in cybersecurity monitoring, threat detection, and incident response across complex enterprise environments. As a key member of Citco’s Computer Security Incident Response Team (CSIRT), the Senior SOC Analyst is responsible for leading the analysis of security events, proactively identifying and mitigating threats, and mentoring junior analysts within a 24x7x365 SOC environment.

The Senior SOC Analyst is expected to be highly proficient with modern security technologies and have deep knowledge of adversary tactics, techniques, and procedures (TTPs). This role requires experience working across hybrid-cloud environments, supporting incident handling lifecycle from detection through containment, eradication, and recovery.

Organizational Relations:

This position is part of the IT Security group, which oversees global cybersecurity at Citco and supports incident handling and detection initiatives across business units and platforms

About You:

• 3–5+ years of experience in a 24x7 SOC, CSIRT, or cyber incident response role in a global enterprise.
• Deep knowledge of SIEM, EDR and SOAR platforms and security automation tools.
• Familiarity with threat intelligence standards (e.g., STIX/TAXII) and frameworks like MITRE ATT&CK.
• Strong hands-on experience with forensic tools and utilities (e.g., Sysinternals, Wireshark).
• Proficient in scripting and automation (e.g., PowerShell, Python).
• Excellent verbal and written communication skills, especially for documentation, briefings, and reporting.
• Critical thinking and problem-solving skills with a high attention to detail.
• Comfortable working independently or collaboratively under pressure.
• Preferred certifications: GCIH, GCIA, CEH, CySA+, or equivalent.
• Willingness to work flexible hours including weekends, holidays, and on-call as needed.

Our Benefits

Your well being is of paramount importance to us, and central to our success. We provide a range of benefits, training and education support, and flexible working arrangements to help you achieve success in your career while balancing personal needs. Ask us about specific benefits in your location.

We recognize diversity as a source of organizational pride and strength. We have made it a priority to reflect our nation’s evolving diversity in the people we hire, and the culture we create in our organization.

Citco welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection.

Responsibilities

• Serve as an escalation point for complex or high-risk security incidents.
• Lead end-to-end investigations involving malware, APTs, lateral movement, and insider threats.
• Conduct proactive threat hunting across on-prem and cloud environments using SIEM, EDR, and threat intelligence tools.
• Analyze logs, security telemetry, and packet captures across Windows, Linux, and network infrastructure.
• Enhance detection content and use cases by tuning SIEM and EDR rules aligned to frameworks such as MITRE ATT&CK.
• Develop, test, and maintain SOAR playbooks to improve investigation efficiency and automate response actions.
• Contribute to post-incident reviews and root cause analyses, proposing hardening and lessons learned initiatives.
• Conduct periodic evaluations of alert fidelity, detection coverage, and SOC operational metrics.
• Collaborate with IT, Engineering, and DevSecOps teams to validate threat findings, coordinate remediation, and improve preventative defenses.
• Lead knowledge transfer sessions and create training material for Junior SOC analysts.
• Assist the SOC Manager in evaluating security tools and recommending operational improvements.
• Maintain accurate and detailed documentation in the SOC’s case management system.
• Stay current on emerging threats, adversary TTPs, and detection techniques.