Lead Fraud SIEM Content Developer, SVP

About Citi: Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Lead Fraud SIEM Lead Content Developer is a senior lead level position critical to driving our proactive defense against fraud-related information/data breaches and cyber-attacks. This role is responsible for leading a team of Splunk ES content developers focused on building and maintaining a robust and effective fraud detection capability within our Security Operations Center (SOC).

• Lead and mentor a team of Splunk ES developers, fostering a collaborative and high-performing environment
• Define and maintain the overall architecture and roadmap for Splunk ES content related to fraud detection, ensuring alignment with the SOC's strategic objectives
• Stay abreast of emerging fraud trends, attack vectors, and industry best practices to continuously enhance the team's detection capabilities
• Oversee the design, development, testing, and implementation of high-fidelity Splunk ES alerts and dashboards specifically tailored for fraud detection use cases
• Ensure content is well-documented, easily maintainable, and adheres to established coding standards and best practices
• Collaborate closely with SOC analysts to understand their operational workflows and tailor content to meet their investigative needs
• Partner with various internal teams (e.g., Applications Development, Threat Intelligence, and Incident Response) to integrate fraud detection capabilities into existing security processes
• Communicate effectively with both technical and non-technical stakeholders across different levels of the organization, providing regular updates on the team's progress and addressing any concerns
• Continuously evaluate and recommend new and emerging technologies that can enhance the team's ability to detect and respond to sophisticated fraud attempts

• 8+ years' experience performing Security Event monitoring and analysis specifically around Fraud incidents and events monitoring
• Strong understanding of fraud detection methodologies, techniques, and tools, with a focus on leveraging Splunk ES to its full potential
• Experience working in a financial services large-scale or enterprise environment
• Proven experience as a Security Architect or Application Architect with deep knowledge of security principles and best practices
• Extensive experience with Splunk ES, including content development, dashboarding, and alert creation
• Strong scripting skills (e.g., Python, PowerShell) for automating tasks and integrating with other security tools
• Demonstrated ability to lead and motivate technical teams, providing guidance, mentorship, and support
• Excellent communication skills, both written and verbal, with the ability to effectively convey complex technical information to diverse, technical and non-technical audiences
• Advanced analytical and problem-solving skills, with a proven ability to identify and troubleshoot complex technical issues
• Strong attention to detail and commitment to delivering high-quality work

• Bachelor's degree/University degree in Computer Science, Information Security, or a related field, or equivalent experience
• Relevant industry certifications (e.g., Splunk Certified Architect, CISSP, CISM) are highly preferred or willingness to obtain certification within first 12-18 months of employment

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group: Technology

Job Family: Information Security

Time Type: Full time

Primary Location: Tampa Florida United States

Primary Location Full Time Salary Range: $141,440.00 - $212,160.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills: Please see the requirements listed above.

Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date: Sep 11, 2025

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. Citi is an equal opportunity employer. View Citi’s EEO Policy Statement and Know Your Rights poster in accessibility resources.