IT Security Analyst IV - Remote

CSAA Insurance Group, a AAA Insurer
Glendale, AZ (Remote)

About The Position

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the leading personal lines property and casualty insurance groups in the United States. Here, every employee shapes our mission. We build innovative, human-centered solutions that help AAA members prevent, prepare for, and recover from life's uncertainties. You will join a collaborative, inclusive culture where your strengths have room to grow and your ideas can drive real impact. Step into a role where you can contribute to our shared success through meaningful work. We are actively hiring for an IT Security Analyst IV - Remote!

Your Role

The CSAA Security Operations Team is responsible for developing intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then apply that understanding to identify and mitigate malicious activity.

We are seeking a skilled Security Operations Center analyst with experience across the full incident response lifecycle and deep expertise in detection engineering, alert development, purple team collaboration, and security reporting. This role emphasizes building high-fidelity detections, leading purple team exercises with supporting log source validation, and contributing to incident response, threat hunting, and security operations across both cloud and on-prem environments.

Requirements

  • 6+ years of IT experience
  • 4+ years of experience in Cyber Security or related field
  • Bachelor’s degree in computer science, Information Technology, or a related field or an equivalent combination of education and experience
  • Demonstrated experience across the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident reporting.
  • Hands-on experience with security technologies such as SIEM, EDR, email security, CNAPP, and NDR platforms.
  • Strong experience in designing, building, and tuning security detections within SIEM solutions.
  • Experience participating in or supporting purple team exercises or adversary simulation activities.
  • Solid understanding of current and emerging SOC technologies, attacker tactics, and defensive techniques, and how they can be applied to improve SOC effectiveness and efficiency.
  • Strong understanding of the information security industry and the evolving threat landscape.
  • Experience working with cloud infrastructure and technologies, alongside traditional on-prem environments.

Nice To Haves

  • A team player who values knowledge sharing and collaboration.
  • A mentoring/leadership background, including mentoring other analysts and orchestrating team efforts for problem solving.
  • You think in adversary behaviors, not just alerts, and design detections mapped to frameworks like MITRE ATT&CK.
  • You bring a continuous improvement mindset, regularly refining detections, processes, and playbooks based on real incidents and testing.
  • You can translate complex technical findings into clear, actionable reporting for both technical and non-technical audiences.
  • Familiarity with Windows, Mac, and Linux capabilities.
  • Strong knowledge of security frameworks (MITRE ATT&CK, NIST CSF, CIS Benchmarks).
  • Strong verbal/written communication and interpersonal skills.
  • Knowledge of incident response frameworks (SANS/NIST).
  • Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.).
  • Lives into cultural norms (e.g., willing to have cameras on when it matters: helping onboard new team members, building relationships, etc.).
  • Travels as needed for the role, including divisional/team meetings and other in-person meetings.
  • Fulfills business needs, which may include investing extra time, helping other teams, etc.

Responsibilities

  • Participate in and lead incident response, triage, and investigations by performing systematic analysis of security events and indicators of compromise to identify malicious activity, potential threats, and vulnerabilities.
  • Conduct post-incident analysis to identify root causes and recommend preventative measures.
  • Create incident reports and documentation for stakeholders.
  • Design, develop, and maintain high-fidelity security detections aligned to adversary behaviors (e.g., MITRE ATT&CK), while performing ongoing detection gap analysis and recommending new detections based on emerging threats and attack techniques.
  • Tune and optimize security detections and alerts to improve signal quality, reduce false positives, and ensure actionable outcomes for the SOC.
  • Document detection logic, data dependencies, assumptions, and response guidance to support long-term maintainability and SOC effectiveness.
  • Provide technical guidance and mentorship to junior SOC analysts during investigations and detection development efforts.
  • Lead purple team efforts to test adversary techniques, validate existing detections, identify gaps, and inform the development of new or improved security alerts.
  • Proactively conduct threat hunting to identify malicious activity and assess the effectiveness of security controls.
  • Leverage threat intelligence to inform detection development, threat hunting, and incident response activities.
  • Lead SOC project efforts and coordinate with other cyber security groups to elevate the organization's security posture.
  • Identify opportunities to improve security processes and technologies.
  • Participate in the on-call rotation to respond to critical security events.
  • Participate in knowledge sharing and training initiatives.
  • Able to multitask and prioritize.

Benefits

  • We offer a total compensation package, annual bonus eligibility for most roles, 401(k) with a company match, and so much more!
  • Career Growth: We believe in growth for everyone. Here at CSAA IG, leaders and mentors partner with employees to align interests, unlock development opportunities, and support long-term success.
  • Flexible Workplace: We embrace a remote-first culture through our Flexible Workplace. Most employees hold Home-Flex roles, working primarily from home, often with the flexibility to work from various locations including CSAA offices. Our flexible workplace empowers you to balance remote work with intentional in-person moments that deepen connection and collaboration.
  • Inclusion and Belonging: An inclusive and welcoming workplace is the cornerstone of our success. By fostering an environment where people feel valued and heard, we deepen our ability to understand and meet the unique needs of our members. This strengthens innovation and enhances our products and services, giving us a competitive edge in the market.