
Cloud Incident Responder; Vice President

Job in New York, New York County, New York, 10261, USA
Listing for: Citi
Full Time position
Listed on 2026-05-29
Job specializations:
  • IT/Tech
    Cloud Computing, Cybersecurity
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below
Position: Cloud Incident Responder (Vice President)
Location: New York

Cloud Incident Responder (Vice President)


Job Req :

Location(s):

Singapore, Singapore, Singapore

Job Type:

On-Site/Resident

Posted:

May. 20, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

At Citi, we get to connect millions of people across hundreds of cities and countries every day. And we've been doing it for more than 200 years. We do this through our unparalleled global network. We provide a broad range of financial services and products to our clients – whether they be consumers, corporations, governments or institutions – to help them meet their biggest opportunities and face the world's toughest challenges.

Citi's Cloud Incident Response (Cloud IR) team seeks a Cloud Incident Responder (VP) to own and strategically lead security incident response within Citi's dynamic public cloud environments and critical SaaS/PaaS platforms. Every day, $5 trillion crosses through our network across 180+ countries — and your leadership will be central to protecting it.

You will work closely with global stakeholders to ensure robust and effective security incident response, safeguarding the integrity of cloud-based services and data across Citi's diverse technology footprint — including cloud-native databases like Snowflake and MongoDB, and enterprise productivity suites like M365. Your leadership is critical in establishing a proactive and coordinated approach to responding to sophisticated cloud security incidents and strategically managing security risks in a timely and effective manner.

You will align your objectives with the wider Cyber Security Operations priorities at Citi, driving the evolution of our processes, procedures, and cutting-edge tools to ensure the firm is ready to tackle the most critical security incident response challenges within the evolving cloud ecosystem and beyond.

Responsibilities:

Perform incident response functions including but not limited to:

  • Detailed cloud-focused investigations by analyzing logs from CSPs, Snowflake, MongoDB, and M365 security platforms.
  • Orchestrating the execution of automation to gather forensic artifacts (memory, disk, cloud resource configurations) for in-depth analysis.
  • Implementing and overseeing cloud-native automation for decisive resource containment actions across compromised environments, including data platforms.
  • Conducting advanced host-based and cloud-native analytical functions (digital forensics, metadata analysis) to proactively uncover Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs).
  • Ensuring meticulous documentation capturing the Who, What, When, Where, Why and How of each incident, with a focus on actionable insights.
  • Architect, refine, and champion cutting-edge incident response playbooks that proactively address emerging threats across cloud, SaaS, PaaS, and M365 ecosystems, driving operational excellence and swift resolution.
  • Take ownership for and innovate the development of new automation capabilities and supporting playbooks across assigned cloud and enterprise SaaS/PaaS domains, fostering a culture of continuous improvement.
  • Collaborate strategically with application and infrastructure stakeholders to identify key components and information sources — cloud environments, instances, middleware, applications, databases (Snowflake, MongoDB), M365 logs — influencing security architecture decisions.
  • Engage with global multidisciplinary groups for triaging, defining scope, and investigating large-scale security incidents impacting diverse cloud and enterprise systems, acting as a central coordinator and trusted advisor to the CISO business function.
  • Actively participate in threat modeling of new services and capabilities, readiness exercises such as purple team, tabletops, and CTFs — especially those involving cloud data, Snowflake, MongoDB, and M365 security scenarios — sharing expertise and influencing strategy.

Qualifications:

  • 6-10 years of…