Citi Logo

Citi

Intelligence Lead Analyst - OSINT Threat Hunting

Posted 15 Days Ago
Be an Early Applicant
In-Office
Ballantyne East, Charlotte, NC, USA
117K-176K Annually
Senior level
In-Office
Ballantyne East, Charlotte, NC, USA
117K-176K Annually
Senior level
Lead the design and maturation of proactive threat hunting and cyber OSINT capabilities. Conduct hypothesis-driven hunts, analyze attacks and logs, operationalize threat intelligence into detections and hunt packages, produce intelligence products for stakeholders, and liaise with law enforcement and industry partners to protect Citi and its clients.
The summary above was generated by AI

Go beyond traditional analysis and become a proactive threat hunter at the heart of Citi's global security operations. The CSIS Advanced Analytics and Cyber OSINT program seeks a senior Intelligence Lead Analyst to design, lead, and mature our threat hunting capabilities. In this pivotal role, you will transform open-source information into actionable intelligence, safeguarding the assets, integrity, and reputation of Citi and its clients against emerging threats.

CSIS Intelligence Advanced Analytics and Cyber OSINT — Program Description

Citi Security and Investigative Services (CSIS) is a full-service security and investigative team that protects the assets, integrity, and reputation of Citi and its clients as the industry-leading provider of security, investigations, and intelligence. The CSIS Advanced Analytics and Cyber OSINT program delivers timely, actionable intelligence to Citi stakeholders through collection and analysis using both open-source and internal data sources, supporting complex financial crime investigations, cyber-enabled fraud matters, and high-risk security events. The program drives efficiencies through the creation, integration, and deployment of custom analytical tools and intelligence capabilities into the hands of analysts and investigators across the enterprise.

Job Description:

The Intelligence Lead Analyst (Open Source Intelligence - Threat Hunting) is a senior-level intelligence analyst position responsible for designing, leading, and maturing Citi's proactive threat hunting and cyber Open Source Intelligence (OSINT) capabilities. The role goes beyond reactive analysis: the incumbent will drive hypothesis-driven hunt operations across Citi's global enterprise environment, operationalize cyber threat intelligence into detection engineering, and serve as a subject matter expert on adversary tradecraft, tactics, techniques, and procedures (TTPs), and emerging threat actor campaigns targeting the financial sector. The role requires deep expertise in the cyber threat intelligence lifecycle, adversary emulation, and the ability to translate complex intelligence into actionable outcomes for Investigations, Security, and other stakeholders.

Responsibilities:

  • Analyze regional threat data and determine a correlation if any, to existing intelligence requirements

  • Monitor and research cyber threats with a direct or indirect impact to the Citi brand

  • Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities

  • Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks

  • Evaluate networks and programs to assess potential weaknesses and points of entry

  • Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact

  • Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities

  • Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings

  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

  • 6-10 years of relevant experience

  • Should have a working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats

  • Proven track record of operationalizing cyber threat intelligence — translating raw intelligence into detections, hunt packages, and risk-relevant reporting.

  • Consistently demonstrates clear and concise written and verbal communication

  • Proven influencing and relationship management skills

  • Proven analytical skills

Education:

  • Bachelor’s degree/University degree or equivalent experience

  • Master’s degree preferred (Advanced degree preferred, ideally in Computer Science, Cybersecurity, Information Security, or a related STEM discipline)

  • Additional valued certifications include: CREST CCTIM, Recorded Future Certified Analyst, CISSP, CEH, or OSCP.

Required Skills:

  • Proficiency in the MITRE ATT&CK framework — mapping adversary TTPs, building hunt hypotheses, and driving detection coverage analysis.

  • Hands-on experience with Threat Intelligence Platforms including Recorded Future, Mandiant Advantage, ThreatConnect, MISP, or OpenCTI.

  • Experience with scripting and automation languages including Python, PowerShell, and Bash for intelligence collection, enrichment pipelines, and hunt tooling development.

  • Advanced OSINT tradecraft including dark web monitoring, social media intelligence, infrastructure pivoting, and digital footprint analysis.

  • Experience with link analysis platforms such as Palantir, Maltego, and i2 Analyst's Notebook, including building custom extractors, web scrapers, and automation workflows to support investigative and analytical tasks.

  • Solid understanding of network forensics, log analysis, and reverse engineering in support of hunt operations.

  • Working knowledge of malware analysis (static and dynamic) and adversary infrastructure analysis.

  • Exceptional written and verbal communication skills with the ability to produce intelligence products for both technical and executive audiences, consistently demonstrating clarity, conciseness, and attention to detail.

  • Proven influencing, relationship management, and analytical skills with a track record of driving outcomes across cross-functional teams.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group: Technology

------------------------------------------------------

Job Family:Information Security

------------------------------------------------------

Time Type:Full time

------------------------------------------------------

Primary Location:NC-CHARLOTTE (BALLANTYNE)

------------------------------------------------------

Primary Location Full Time Salary Range:$117,440.00 - $176,160.00


In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:Jul 03, 2026

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.

Similar Jobs

An Hour Ago
In-Office or Remote
Charlotte, NC, USA
140K-185K Annually
Senior level
140K-185K Annually
Senior level
Blockchain • Fintech • Payments • Financial Services • Cryptocurrency • Web3
Lead end-to-end KYC lifecycle for complex corporate customers: onboarding, periodic and event-driven reviews, enhanced due diligence, monitoring, reporting findings, recommending risk-based actions, driving workflow standardization, and supporting KYC tooling and metrics.
Top Skills: Apple MacosBlockchainDocument RepositoriesGoogle SuiteOnboarding PlatformsScreening SolutionsSlack
2 Hours Ago
Remote or Hybrid
USA
38K-88K Annually
Mid level
38K-88K Annually
Mid level
Machine Learning • Payments • Security • Software • Financial Services
Provide first-line remote and on-site technology support for employees and contractors, troubleshoot hardware/software issues, use help-desk tools, escalate to higher-level teams, and ensure customer-focused resolution following PNC policies.
4 Hours Ago
Remote or Hybrid
United States
117K-158K Annually
Senior level
117K-158K Annually
Senior level
Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Lead transaction advisory engagements by performing financial analysis and modeling, evaluating deal structures and valuations, managing multiple projects, liaising with clients and cross-functional teams, preparing clear reports and presentations, and reviewing junior team members' work to ensure accuracy and high-quality deliverables.
Top Skills: ExcelFinancial Databases

What you need to know about the Charlotte Tech Scene

Ranked among the hottest tech cities in 2024 by CompTIA, Charlotte is quickly cementing its place as a major U.S. tech hub. Home to more than 90,000 tech workers, the city’s ecosystem is primed for continued growth, fueled by billions in annual funding from heavyweights like Microsoft and RevTech Labs, which has created thousands of fintech jobs and made the city a go-to for tech pros looking for their next big opportunity.

Key Facts About Charlotte Tech

  • Number of Tech Workers: 90,859; 6.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lowe’s, Bank of America, TIAA, Microsoft, Honeywell
  • Key Industries: Fintech, artificial intelligence, cybersecurity, cloud computing, e-commerce
  • Funding Landscape: $3.1 billion in venture capital funding in 2024 (CED)
  • Notable Investors: Microsoft, Google, Falfurrias Management Partners, RevTech Labs Foundation
  • Research Centers and Universities: University of North Carolina at Charlotte, Northeastern University, North Carolina Research Campus

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account