Senior Cyber Security Engineer - SIEM and Automation

Corebridge Financial, Jersey City, NJ
Hybrid

About The Position

At Corebridge Financial, we believe action is everything. That’s why every day we partner with financial professionals and institutions to make it possible for more people to take action in their financial lives, for today and tomorrow. We align to a set of Values that are the core pillars that define our culture and help bring our brand purpose to life:

  • We are stronger as one: We collaborate across the enterprise, scale what works and act decisively for our customers and partners.
  • We deliver on commitments: We are accountable, empower each other and go above and beyond for our stakeholders.
  • We learn, improve and innovate: We get better each day by challenging the status quo and equipping ourselves for the future.
  • We are inclusive: We embrace different perspectives, enabling our colleagues to make an impact and bring their whole selves to work.

Who You’ll Work With

The Information Technology organization is the technological foundation of our business and works in collaboration with our partners from across the company. The team drives technology and digital transformation, partners with business leaders to design and execute new strategies through IT and operations services, and ensures the necessary IT risk management and security measures are in place and aligned with enterprise architecture standards and principles.

About The Role

We are seeking a highly skilled Senior Cyber Security Engineer - SIEM and Automation to lead and enhance our detection engineering capabilities. This role is responsible for developing high-fidelity use cases, optimizing logging strategies, integrating security tools, and tuning alerts to improve the signal-to-noise ratio. You will work closely with Security Operations, Threat Intelligence, and Engineering teams to ensure our SIEM platform delivers actionable insights and supports rapid incident detection and response.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
  • 3–7+ years of experience in SIEM engineering, detection engineering, or security operations
  • Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, Elastic)
  • Strong understanding of log sources (Windows, Linux, cloud platforms, network devices)
  • Experience with query languages (e.g., SPL, KQL, Lucene, SQL)
  • Knowledge of MITRE ATT&CK framework and adversary tactics/techniques
  • Experience onboarding and parsing diverse data sources

Nice To Haves

  • Experience with SOAR platforms and security automation
  • Familiarity with cloud environments (AWS, Azure, GCP) and their native logging tools
  • Scripting or programming skills (Python, PowerShell, etc.)
  • Experience with detection-as-code and version control practices
  • Security certifications (e.g., GCIA, GCIH, CISSP, Splunk Certified, Microsoft SC-200)

Responsibilities

  • Use Case Development: Design, develop, and maintain SIEM detection use cases aligned with MITRE ATT&CK and threat intelligence. Translate threat scenarios into actionable detection logic and correlation rules. Continuously improve detection coverage through gap analysis and adversary simulation insights.
  • Logging & Data Analysis: Define and implement logging requirements across cloud, endpoint, network, and application layers. Analyze log sources to ensure data quality, normalization, and completeness. Identify gaps in telemetry and recommend improvements to enhance visibility.
  • Tool Integration & Data Onboarding: Integrate new data sources into the SIEM (e.g., EDR, IAM, firewall, SaaS platforms). Work with engineering teams to onboard logs using APIs, agents, and log pipelines. Ensure proper parsing, enrichment, and normalization of ingested data.
  • Alert Tuning & Optimization: Reduce false positives through continuous alert tuning and threshold optimization. Implement risk-based alerting and prioritization strategies. Collaborate with SOC analysts to refine detection logic based on incident feedback.
  • SIEM Platform Engineering: Maintain and optimize SIEM performance, scalability, and cost efficiency. Develop dashboards, reports, and visualizations for operational and leadership insights. Support automation and orchestration efforts with SOAR integrations where applicable.
  • Collaboration & Continuous Improvement: Partner with Threat Intelligence to operationalize indicators and emerging threats. Support incident response investigations with log analysis and detection enhancements. Stay current with evolving attack techniques and detection methodologies.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • Mental health support
  • Wellness initiatives
  • 401(k) Plan with a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay
  • Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms)
  • Employee Assistance Program (Confidential counseling services and resources)
  • Matching charitable donations (up to $5,000)
  • Volunteer Time Off (up to 16 hours annually)
  • Paid Time Off (at least 24 days)