External candidates: In order for your application to be correctly processed please sign-in before you apply
Internal candidates: Please go to Workday and click "Find Jobs" link under Career
Thank you for considering opportunities with us!
Job Title
IT Security Analyst III - REMOTERequisition Number
R7517 IT Security Analyst III - REMOTE (Open)Location
Glendale, ArizonaAdditional Locations
Alabama - Home Teleworkers, Alabama - Home Teleworkers, Arizona - Home Teleworkers, Arkansas - Home Teleworkers, California - Home Teleworkers, Colorado Springs, Colorado, Connecticut - Home Teleworkers, Delaware - Home Teleworker, District of Columbia - Home Teleworkers, Florida - Home Teleworkers, Georgia - Home Teleworkers, Idaho - Home Teleworkers, Illinois - Home Teleworkers, Indiana - Home Teleworkers, Iowa - Home Teleworkers, Kansas - Home Teleworker, Kentucky - Home Teleworkers, Louisiana - Home Teleworkers, Maine Home Teleworkers, Maryland - Home Teleworkers, Massachusetts - Home Teleworkers, Michigan - Home Teleworkers, Minnesota - Home Teleworkers, Mississippi - Home Teleworker, Missouri - Home Teleworker {+ 22 more}Job Information
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow.
We are actively hiring for a Cybersecurity Analyst! Join us and support CSAA IG in achieving our goals.
Your Role: We are seeking a skilled Security Operations Center Analyst. The position will play a critical role in proactively monitoring, detecting, analyzing and responding to security events as well as providing support to all SOC team members. The ideal candidate is a technical security expert with experience in various areas such as incident response, threat monitoring and analysis, and security tooling across cloud and on-prem environments.
The CSAA Security Operations Team is responsible for developing intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring to bear that understanding to purposefully identify and mitigate malicious activity.
The IT Security Analyst is a mid-level cybersecurity professional responsible for monitoring, detecting, analyzing, and responding to security threats across the organization. This role provides advanced triage, incident response, threat hunting, and guidance, while working closely with engineering, IT, and cybersecurity leadership to improve the overall security posture. You will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. An understanding of current APT actors and TTPs as well as experience performing question driven analysis is required. You should have a solid grasp of network and host-based indicators and how to best use them
Your work:
Participate and lead incident response, triage, and investigations for security events
Continuously monitor SIEM, EDR, IDS/IPS, cloud security, and other security platforms for potential threats
Conduct in-depth analysis of security events to determine root cause, impact, and severity.
Perform systematic analysis of security events using IOCs to determine the presence of malicious activity, potential threats, and vulnerabilities.
Escalate critical incidents and provide recommendations for containment and remediation.
Lead or support incident response activities, including investigation, containment, eradication, and recovery.
Document incidents thoroughly following established incident response procedures.
Coordinate with cross-functional teams to resolve security issues promptly.
Perform proactive threat hunting across on-prem, cloud, and endpoint environments.
Leverage threat intelligence to identify and defend against emerging threats.
Develop detection use cases and recommend improvements to SOC tooling.
Serve as a subject matter expert for SOC Level I and II analysts.
Provide guidance, training, and feedback to junior team members.
Develop and refine SOC procedures, playbooks, and documentation.
Assist in tuning SIEM rules, detection logic, and alert thresholds to reduce false positives.
Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale.
Participate in on-call rotation to respond to critical security events
The successful candidate will be responsible for monitoring and analyzing security events across enterprise systems, identifying and responding to potential threats, and leading mid-level incident response activities. They will proactively hunt for indicators of compromise, leverage threat intelligence to strengthen defenses, and collaborate with cross-functional teams. Additionally, the candidate will support the enhancement of SOC processes and detection capabilities.
Required Experience, Education and Skills
Bachelor’s degree in computer science, Information Technology, or a related field or an equivalent combination of education and experience
4+ years of IT experience
2+ years of experience in Cyber Security or related field.
Experience with SIEM solutions (e.g., Splunk), EDR platforms, and log analysis.
Strong understanding of modern attack techniques, TTPs, and the MITRE ATT&CK framework.
Working knowledge of networks, operating systems (Windows/Linux), firewalls, and cloud environments (AWS, Azure, GCP).
What would make us excited about you?
A team player who values knowledge sharing and collaboration.
Familiarity with Windows, Mac, and Linux capabilities
Strong knowledge of security frameworks (MITRE ATT&CK, NIST CSF, CIS Benchmarks)
Strong verbal/written communication and interpersonal skills
Knowledge of Incident response frameworks (SANS/NIST)
Background in detection engineering process
Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
Travels as needed for role, including divisional / team meetings and other in-person meetings
Fulfills business needs, which may include investing extra time, helping other teams, etc
CSAA IG Careers
At CSAA IG, we’re proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you…
BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
COMMIT to being there for our customers and employees.
CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaa-insurance.aaa.com/us/en/benefits
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues’ different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers’ evolving needs.
CSAA Insurance Group is an equal opportunity employer.
If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education.
Must have authorization to work indefinitely in the US.
Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska.
#LI-SB1