Intelligence Lead Analyst - OSINT Threat Hunting

Citigroup, 22h ago
United States, Onsite, Full-time, Senior Level, 6+ yrs exp
H-1B sponsor

Go beyond traditional analysis and become a proactive threat hunter at the heart of Citi's global security operations. The CSIS Advanced Analytics and Cyber OSINT program seeks a senior Intelligence Lead Analyst to design, lead, and mature our threat hunting capabilities.

In this pivotal role, you will transform open-source information into actionable intelligence, safeguarding the assets, integrity, and reputation of Citi and its clients against emerging threats.

CSIS Intelligence Advanced Analytics and Cyber OSINT — Program Description

Citi Security and Investigative Services (CSIS) is a full-service security and investigative team that protects the assets, integrity, and reputation of Citi and its clients as the industry-leading provider of security, investigations, and intelligence.

The CSIS Advanced Analytics and Cyber OSINT program delivers timely, actionable intelligence to Citi stakeholders through collection and analysis using both open-source and internal data sources, supporting complex financial crime investigations, cyber-enabled fraud matters, and high-risk security events.

The program drives efficiencies through the creation, integration, and deployment of custom analytical tools and intelligence capabilities into the hands of analysts and investigators across the enterprise.

Job Description

The Intelligence Lead Analyst (Open Source Intelligence - Threat Hunting) is a senior-level intelligence analyst position responsible for designing, leading, and maturing Citi's proactive threat hunting and cyber Open Source Intelligence (OSINT) capabilities.

The role goes beyond reactive analysis: the incumbent will drive hypothesis-driven hunt operations across Citi's global enterprise environment, operationalize cyber threat intelligence into detection engineering, and serve as a subject matter expert on adversary tradecraft, tactics, techniques, and procedures (TTPs), and emerging threat actor campaigns targeting the financial sector.

The role requires deep expertise in the cyber threat intelligence lifecycle, adversary emulation, and the ability to translate complex intelligence into actionable outcomes for Investigations, Security, and other stakeholders.

Responsibilities

  • Analyze regional threat data and determine a correlation, if any, to existing intelligence requirements
  • Monitor and research cyber threats with a direct or indirect impact to the Citi brand
  • Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities
  • Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks
  • Evaluate networks and programs to assess potential weaknesses and points of entry
  • Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact
  • Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities
  • Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency

Qualifications

  • 6-10 years of relevant experience
  • Should have a working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats
  • Proven track record of operationalizing cyber threat intelligence — translating raw intelligence into detections, hunt packages, and risk-relevant reporting.
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Education: Bachelor’s degree/University degree or equivalent experience
  • Master’s degree preferred (Advanced degree preferred, ideally in Computer Science, Cybersecurity, Information Security, or a related STEM discipline)
  • Additional valued certifications include: CREST CCTIM, Recorded Future Certified Analyst, CISSP, CEH

Required Skills:

  • Proficiency in the MITRE ATT&CK framework — mapping adversary TTPs, building hunt hypotheses, and driving detection coverage analysis.
  • Hands-on experience with Threat Intelligence Platforms including Recorded Future, Mandiant Advantage, ThreatConnect, MISP, or OpenCTI.
  • Experience with scripting and automation languages including Python, PowerShell, and Bash for intelligence collection, enrichment pipelines, and hunt tooling development.
  • Advanced OSINT tradecraft including dark web monitoring, social media intelligence, infrastructure pivoting, and digital footprint analysis.
  • Experience with link analysis platforms such as Palantir, Maltego, and i2 Analyst's Notebook, including building custom extractors, web scrapers, and automation workflows to support investigative and analytical tasks.
  • Solid understanding of network forensics, log analysis, and reverse engineering in support of hunt operations.
  • Working knowledge of malware analysis (static and dynamic) and adversary infrastructure analysis.
  • Exceptional written and verbal communication skills with the ability to produce intelligence products for both technical and executive audiences, consistently demonstrating clarity, conciseness, and attention to detail.
  • Proven influencing, relationship management, and analytical skills with a track record of driving outcomes across cross-functional teams.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Primary Location: NC-CHARLOTTE (BALLANTYNE)
Primary Location Full Time Salary Range: $117,440.00 - $176,160.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills: Please see the requirements listed above.
Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.
Anticipated Posting Close Date: Jul 03, 2026

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.

Required skills

Python, PowerShell, Bash, MITRE ATT&CK, Threat Intelligence Platforms, Recorded Future, Mandiant Advantage, ThreatConnect, MISP, OpenCTI, link analysis, Palantir, Maltego, i2 Analyst's Notebook, network forensics
Posted on JobRush — the end-to-end AI job-search platform.