SOC Analyst - L1

Irving

Thursday, 07 May 2026

Monitor and triage security alerts 24x7 from SIEM, EDR, IDS/IPS, email, and web security platforms. Validate alerts using log analysis, metadata review, event correlation, and network telemetry to determine credibility, cause, and potential impact. Conduct initial investigations to establish incident scope, urgency, and impact. Collect, preserve, and document logs, artifacts, and indicators of compromise (IOCs) in a manner that maintains forensic integrity for downstream incident response and investigative activities.

Produce complete, escalation-ready incident packages including timelines, affected assets, observed behaviors, and recommended next steps. Escalate incidents to L2 and Incident Response teams in accordance with defined notification and response procedures. Coordinate initial containment recommendations with L2 and Incident Response teams, including identification of affected systems, suspected attack vectors, and immediate mitigation options. Track cases from detection through escalation and closure milestones.

Author, maintain, and continuously improve SOC playbooks and runbooks by translating recurring investigative outcomes, after-action reviews, and lessons learned into updated triage steps, escalation criteria, and decision logic. Identify automation opportunities for repetitive triage, enrichment, and documentation tasks. Use approved AI/LLM tools to assist with alert summarization, IOC extraction, and case narrative drafting while critically validating all outputs for accuracy, bias, and trustworthiness prior to operational use.

Perform ongoing threat pattern and trend analysis by correlating indicators and behaviors across incidents. Feed analytical findings back into detection tuning, playbooks, and response workflows to surface adversary techniques proactively. Identify potential malware-related and intrusion activity through alert, log, telemetry, and artifact review. Support containment coordination by documenting affected hosts, execution evidence, and recommended immediate response actions for L2/Incident Response review.

Apply cybersecurity policies, privacy obligations, and data-classification requirements across all alert handling, evidence management, and case reporting. Support SOC governance activities including documentation standards and risk-aware escalation practices. Contribute to peer investigations, shift handoff summaries, and knowledge-sharing artifacts to sustain investigative continuity, response readiness, and team operational effectiveness.

Education: Bachelor’s degree/University degree or equivalent experience.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Primary Location: Irving Texas United States
Primary Location Full Time Salary Range: $96,400.00 - $144,600.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills: Please see the requirements listed above.
Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.
Anticipated Posting Close Date:
