Lead Associate Principal, Cyber Defense

The OCC, Chicago, IL
Hybrid

About The Position

Lead the charge in protecting our organization from evolving cyber threats. As Lead Associate Principal, Cyber Defense, you'll drive the analysis of threats and vulnerabilities, lead a team of security professionals, and own the strategy for how we defend our enterprise. You'll take initiative to launch and lead security projects — assembling teams to remediate threats, incidents, and compliance gaps — while sharpening how we monitor third-party feeds and forums for emerging risks. You'll also guide regulatory compliance from documentation through testing and report key metrics directly to senior leadership. If you want a role where your leadership and expertise shape an organization's entire security posture, this is it.

Requirements

  • Proven team leadership and project management skills, with the initiative to drive solutions across diverse skillsets and work independently or with local/remote staff, vendors, and consultants.
  • Skilled in security assessments and control implementation based on standards like NIST, COBIT, ISO, ITIL, and the NIST Cybersecurity Framework.
  • Strong oral and written communication, analytical, and judgment skills, with the ability to engage effectively with all levels of management in both formal and informal settings.
  • Demonstrated proficiency in implementation and maintenance of security platforms (Splunk, CrowdStrike, Symantec DLP) and vulnerability assessment tools (Qualys, Nessus, nmap), including incident response playbook development and remediation management.
  • Proficiency with network sniffers/packet tracing tools (Ethereal, tcpdump, etc.), preventative/detective technologies (EDR, network-based analysis), and Web Application Firewalls.
  • Strong background in encryption technologies (PGP, PKI, X.509) and directory services/LDAP security (Active Directory, CA Directory).
  • Experience across client/server platforms (Solaris, Windows, Linux) and OS hardening procedures, plus proxy/caching services.
  • Knowledge of LAN/WAN routing and high availability protocols (OSPF, BGP4/iBGP, EIGRP, NSRP), cloud security tools (AWS, Azure, GCP), and SOAR tools/concepts.
  • Some experience scripting and leveraging APIs to integrate security monitoring tools, with knowledge of Generative and Prompt AI.
  • Minimum five years hands-on security operations experience, including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming Languages.
  • Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives.
  • Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure.
  • Industry knowledge of leading-edge security technologies and methods.
  • Shift work and working in an on-call response capacity are required, including availability for 24 x 7 on-call support responsibilities.

Nice To Haves

  • Previous people/project management experience is a plus.

Responsibilities

  • Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting.
  • Oversee technical analysis of security events while coordinating incident response activities with internal and external teams.
  • Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures.
  • Develop and support briefings to OCC senior management as a trusted incident responder.
  • Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives.
  • Lead systems management team to operationalize remediation efforts for gaps identified.
  • Develop and implement security monitoring roadmaps for OCC technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities.
  • Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc.
  • Subject matter expert on security tools including appliances, hosted systems, and SaaS – including health checks, version updates, and content development.
  • Validate that content changes to security tools proposed by other analysts and teams are appropriate.
  • Report on and enhance current metrics surrounding security tool capabilities and efficacy.
  • Subject matter expert in the systems lifecycle – performing upgrades, implementation of new technologies, and enhancement identification.
  • Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods.
  • Advise management on selecting and scheduling employee training classes, conferences, and seminars.

Benefits

  • A hybrid work environment, up to 2 days per week of remote work
  • Tuition Reimbursement to support your continued education
  • Student Loan Repayment Assistance
  • Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
  • Generous PTO and Parental leave
  • 401k Employer Match
  • Competitive health benefits including medical, dental and vision