Intelligence Lead Analyst - OSINT Threat Hunting

Posted 5 Days Ago
2 Locations
In-Office
117K-176K Annually
Senior level
Fintech • Financial Services
The Role
Lead the design and maturation of proactive threat hunting and cyber OSINT capabilities. Conduct hypothesis-driven hunts, analyze attacks and logs, operationalize threat intelligence into detections and hunt packages, produce intelligence products for stakeholders, and liaise with law enforcement and industry partners to protect Citi and its clients.
Summary Generated by Built In

Go beyond traditional analysis and become a proactive threat hunter at the heart of Citi's global security operations. The CSIS Advanced Analytics and Cyber OSINT program seeks a senior Intelligence Lead Analyst to design, lead, and mature our threat hunting capabilities. In this pivotal role, you will transform open-source information into actionable intelligence, safeguarding the assets, integrity, and reputation of Citi and its clients against emerging threats.

CSIS Intelligence Advanced Analytics and Cyber OSINT — Program Description

Citi Security and Investigative Services (CSIS) is a full-service security and investigative team that protects the assets, integrity, and reputation of Citi and its clients as the industry-leading provider of security, investigations, and intelligence. The CSIS Advanced Analytics and Cyber OSINT program delivers timely, actionable intelligence to Citi stakeholders through collection and analysis using both open-source and internal data sources, supporting complex financial crime investigations, cyber-enabled fraud matters, and high-risk security events. The program drives efficiencies through the creation, integration, and deployment of custom analytical tools and intelligence capabilities into the hands of analysts and investigators across the enterprise.

Job Description:

The Intelligence Lead Analyst (Open Source Intelligence - Threat Hunting) is a senior-level intelligence analyst position responsible for designing, leading, and maturing Citi's proactive threat hunting and cyber Open Source Intelligence (OSINT) capabilities. The role goes beyond reactive analysis: the incumbent will drive hypothesis-driven hunt operations across Citi's global enterprise environment, operationalize cyber threat intelligence into detection engineering, and serve as a subject matter expert on adversary tradecraft, tactics, techniques, and procedures (TTPs), and emerging threat actor campaigns targeting the financial sector. The role requires deep expertise in the cyber threat intelligence lifecycle, adversary emulation, and the ability to translate complex intelligence into actionable outcomes for Investigations, Security, and other stakeholders.

Responsibilities:

  • Analyze regional threat data and determine a correlation, if any, to existing intelligence requirements

  • Monitor and research cyber threats with a direct or indirect impact on the Citi brand

  • Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities

  • Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks

  • Evaluate networks and programs to assess potential weaknesses and points of entry

  • Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact

  • Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities

  • Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings

  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

  • 6-10 years of relevant experience

  • Should have a working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats

  • Proven track record of operationalizing cyber threat intelligence — translating raw intelligence into detections, hunt packages, and risk-relevant reporting.

  • Consistently demonstrates clear and concise written and verbal communication

  • Proven influencing and relationship management skills

  • Proven analytical skills

Education:

  • Bachelor’s degree/University degree or equivalent experience

  • Master’s degree preferred (Advanced degree preferred, ideally in Computer Science, Cybersecurity, Information Security, or a related STEM discipline)

  • Additional valued certifications include: CREST CCTIM, Recorded Future Certified Analyst, CISSP, CEH, or OSCP.

Required Skills:

  • Proficiency in the MITRE ATT&CK framework — mapping adversary TTPs, building hunt hypotheses, and driving detection coverage analysis.

  • Hands-on experience with Threat Intelligence Platforms including Recorded Future, Mandiant Advantage, ThreatConnect, MISP, or OpenCTI.

  • Experience with scripting and automation languages including Python, PowerShell, and Bash for intelligence collection, enrichment pipelines, and hunt tooling development.

  • Advanced OSINT tradecraft including dark web monitoring, social media intelligence, infrastructure pivoting, and digital footprint analysis.

  • Experience with link analysis platforms such as Palantir, Maltego, and i2 Analyst's Notebook, including building custom extractors, web scrapers, and automation workflows to support investigative and analytical tasks.

  • Solid understanding of network forensics, log analysis, and reverse engineering in support of hunt operations.

  • Working knowledge of malware analysis (static and dynamic) and adversary infrastructure analysis.

  • Exceptional written and verbal communication skills with the ability to produce intelligence products for both technical and executive audiences, consistently demonstrating clarity, conciseness, and attention to detail.

  • Proven influencing, relationship management, and analytical skills with a track record of driving outcomes across cross-functional teams.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group: Technology

------------------------------------------------------

Job Family: Information Security

------------------------------------------------------

Time Type: Full time

------------------------------------------------------

Primary Location: NC-CHARLOTTE (BALLANTYNE)

------------------------------------------------------

Primary Location Full Time Salary Range: $117,440.00 - $176,160.00


In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills: Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date: Jul 03, 2026

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.

Skills Required

  • 6-10 years of relevant experience
  • Bachelor's degree or equivalent experience
  • Master's degree (preferred, ideally in Computer Science, Cybersecurity, Information Security, or related STEM)
  • Working knowledge in one or more areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups/Cyber Terrorists, Hacktivism, DDoS, Fraud, Malware, Mobile Threats
  • Proven track record of operationalizing cyber threat intelligence into detections, hunt packages, and risk-relevant reporting
  • Proficiency in the MITRE ATT&CK framework (mapping TTPs, building hunt hypotheses, detection coverage analysis)
  • Hands-on experience with Threat Intelligence Platforms (Recorded Future, Mandiant Advantage, ThreatConnect, MISP, or OpenCTI)
  • Experience with scripting and automation (Python, PowerShell, Bash) for collection, enrichment pipelines, and hunt tooling development
  • Advanced OSINT tradecraft including dark web monitoring, social media intelligence, infrastructure pivoting, and digital footprint analysis
  • Experience with link analysis platforms (Palantir, Maltego, i2 Analyst's Notebook) and building custom extractors/web scrapers/automation workflows
  • Solid understanding of network forensics, log analysis, and reverse engineering to support hunt operations
  • Working knowledge of malware analysis (static and dynamic) and adversary infrastructure analysis
  • Consistently strong written and verbal communication; produce intelligence products for technical and executive audiences
  • Proven influencing, relationship management, and analytical skills with cross-functional outcomes
  • Additional valued certifications: CREST CCTIM, Recorded Future Certified Analyst, CISSP, CEH, or OSCP

Citi Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Citi and has not been reviewed or approved by Citi.

  • Healthcare Strength: Benefits coverage is positioned as comprehensive, including health, dental, and vision insurance plus on-site clinics, prescription drug support, and disability coverage. Family-building support such as fertility assistance is described as a notable differentiator within the overall package.
  • Retirement Support: Retirement benefits are framed as strong, highlighted by a 401(k) with matching and additional plan options like a Roth 401(k). Financial support is reinforced through discounts and broader financial guidance resources tied to the benefits ecosystem.
  • Wellbeing & Lifestyle Benefits: Wellbeing support extends beyond insurance through programs like an Employee Assistance Program, counseling/legal resources, and gym or wellness reimbursement. These offerings increase the perceived total rewards value even when cash compensation sentiment varies by role.

The Company
HQ: Kwun Tong, Kowloon
223,850 Employees

What We Do

Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities.
