Company: CSAA Insurance Group

Address: Glendale, AZ
Form of work: Full-Time
Category: Information Technology

Job description

External candidates: In order for your application to be correctly processed please sign-in before you apply
Internal candidates: Please go to Workday and click "Find Jobs" link under Career
Thank you for considering opportunities with us!
Job Title
Senior Security Engineer - Threat Hunter/Incident Response - Remote
Requisition Number
R6406 Senior Security Engineer - Threat Hunter/Incident Response - Remote (Open)
Location
Glendale, Arizona
Additional Locations
Arizona - Home Teleworkers, Colorado - Home Teleworkers, Connecticut - Home Teleworkers, Florida - Home Teleworkers, Georgia - Home Teleworkers, Idaho - Home Teleworkers, Illinois - Home Teleworkers, Indiana - Home Teleworkers, Iowa - Home Teleworkers, Kansas - Home Teleworker, Kentucky - Home Teleworkers, Louisiana - Home Teleworkers, Maryland - Home Teleworkers, Massachusetts - Home Teleworkers, Michigan - Home Teleworkers, Minnesota - Home Teleworkers, Mississippi - Home Teleworker, Missouri - Home Teleworker, Nevada - Home Teleworkers, New Hampshire - Home Teleworkers, New Mexico - Home Teleworker, New York - Home Teleworkers, North Carolina - Home Teleworkers, Ohio - Home Teleworkers {+ 11 more}
Job Information
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Senior Security Engineer - Cyber Threat Hunter/Incident Response - Remote! Join us and support CSAA IG in achieving our goals.
Your Role:
The CSAA Security Operations Team is responsible for developing intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring to bear that understanding to purposefully identify and mitigate malicious activity.
Your work:
The Senior Security Engineer will be a key member of the Security Operations Team functioning within the CSAA Security organization. They are responsible for participating in threat-intelligence-driven investigations, developing new detection logic, and participating in Incident Response. The focus of the role is to detect, disrupt and eradicate threats from the enterprise network. To implement this mission, they will use data analysis, threat intelligence, and innovative security technologies.
They will be required to analyze indicators to generate actionable intelligence and insight into ongoing threats. They will help improve our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. A deep understanding of current APT actors and TTPs as well as experience performing question-driven analysis is required. Candidates should have a solid grasp of network and host-based indicators and how to best use them. They should be able to script and help automate recurring tasks to increase the overall efficiency of the team. An understanding of operating system internals will be an asset.
Specifically, the incumbent will perform digital forensics and security incident response activities, including but not limited to:

  • Build detections to pinpoint potential security threats, drawing on insights into attacker tactics, techniques, and procedures (TTPs) mapped to the MITRE ATT&CK framework.
  • Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
  • Monitor and track advanced persistent threats (APT) and report on their tools, techniques, and procedures (TTPs), including attacker's motivations, industries, and attacker trends.
  • Malware reverse engineering and analysis to evaluate and analyze complex malicious code using tools, including disassemblers, debuggers, hex editors, unpackers, virtual machines, and network sniffers.
  • Assist with crafting security techniques and automation for internal use that enable the team to operate at high speed and broad scale.
  • Conducts research into ongoing threat activity to determine relevant threat intelligence by collecting, analyzing, and interpreting threat intelligence data from various sources, including open-source intelligence (OSINT), commercial feeds, internal logs, security news and dark web monitoring.
  • Provide situational awareness on the ongoing threat landscape and the techniques, tactics and procedures associated with specific threats.
  • Security incident response in a multi-functional environment and drive incident resolution.
  • Perform threat hunting proactively to identify threats and assess the state of security controls.
  • Develop Incident Response initiatives that improve our capabilities to effectively respond and remediate security incidents.
  • Engages with external entities, such as industry sharing groups and intelligence communities, to exchange information and collaborate on threat intelligence initiatives.
  • Periodic on-call responsibilities

Required Experience, Education and Skills
  • BS degree in Computer Science, MIS, Computer Engineering, or 6+ years equivalent technology experience.
  • Ability to work across a variety of technologies.
  • Solid foundation in cloud-native investigative techniques and incident response methodologies.
  • Solid understanding of the MITRE ATT&CK security framework.
  • Solid understanding of the Cyber Kill Chain and Diamond Model of Intrusion Analysis security models.
  • Experience with network, operating system, and application security tool sets.
  • Firm grasp of cloud service models and a shared responsibility model (IaaS, PaaS, SaaS) across public cloud CSPs (AWS, GCP, Azure).
  • Strong analytical, written, and verbal communication skills.
  • Able to work with a changing schedule that includes standard or non-standard business hours of work.
  • Ability to weigh business needs against security concerns and articulate issues to management.
  • Solid understanding and technical expertise in security architecture.

What would make us excited about you?
  • 6+ years of experience in a Security Operations, Threat Hunting, Threat Intelligence, or similar role.
  • 4+ years of hands-on experience in responding to threats in public cloud. (AWS, GCP, Azure)
  • 2+ years of experience with tracking APT groups and other high-grade threats.
  • 6+ years of experience in system, network, and/or application security.
  • 2+ years of experience building SOAR automation.
  • 6+ years of experience with scripting in Python, Go, or other programming languages.
  • Actively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects)
  • Champions our cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
  • Demonstrates a company ownership mindset, thinking beyond boundaries of their own area.
  • Travels as needed for role, including divisional / team meetings and other in-person meetings.
  • Fulfills business needs, which may include investing extra time, helping other teams, etc.

Preferred Qualifications:
  • Splunk ES (Security)
  • Splunk SOAR
  • CrowdStrike
  • Sysmon
  • GCIH, CISSP, GREM, OSCP Certifications.

CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
  • BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
  • COMMIT to being there for our customers and employees.
  • CREATE a sense of purpose that serves the greater good through innovation.

Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaa-insurance.aaa.com/us/en/benefits
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us. If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer.
The national average salary range for this position is $136,800-$152,000. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on county of residence. The full salary range for this position across all the states we hire in is $123,120-$182,500. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 12% of eligible pay.
If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education.
Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska.
Must have authorization to work indefinitely in the US.
Refer code: 7373423. CSAA Insurance Group - The previous day - 2023-12-18 11:09
