IT Security Analyst III REMOTE

IT Security Analyst III – Remote

Requisition Number: R7517

Location:

Glendale, Arizona (Remote)

CSAA Insurance Group (CSAA IG) is a AAA insurer and one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for, and recover from life’s uncertainties. We are committed to innovation and adaptability, hiring good people for a brighter tomorrow.

We are actively hiring for a Cybersecurity Analyst! Join us and support CSAA IG in achieving our goals.

We are seeking a skilled Security Operations Center Analyst. The position will play a critical role in proactively monitoring, detecting, analyzing, and responding to security events and providing support to all SOC team members. The ideal candidate is a technical security expert with experience in incident response, threat monitoring and analysis, and security tooling across cloud and on‑prem environments.

The CSAA Security Operations Team develops intelligence on advanced cyber threats to our services and customers. We collect indicators and intelligence from a variety of internal and external sources to understand high‑grade actors and their tools, techniques, and procedures, and use that understanding to identify and mitigate malicious activity.

The IT Security Analyst is a mid‑level cybersecurity professional responsible for monitoring, detecting, analyzing, and responding to security threats across the organization. This role provides advanced triage, incident response, threat hunting, and guidance while working closely with engineering, IT, and cybersecurity leadership to improve the overall security posture.

• Participate and lead incident response triage and investigations for security events.
• Continuously monitor SIEM, EDR, IDS/IPS, cloud security, and other security platforms for potential threats.
• Conduct in‑depth analysis of security events to determine root cause, impact, and severity.
• Perform systematic analysis of security events using IOCs to determine the presence of malicious activity, potential threats, and vulnerabilities.
• Escalate critical incidents and provide recommendations for containment and remediation.
• Lead or support incident response activities including investigation, containment, eradication, and recovery.
• Document incidents thoroughly following established incident response procedures.
• Coordinate with cross‑functional teams to resolve security issues promptly.
• Perform proactive threat hunting across on‑prem, cloud, and endpoint environments.
• Leverage threat intelligence to identify and defend against emerging threats.
• Develop detection use cases and recommend improvements to SOC tooling.
• Serve as a subject matter expert for SOC Level I and II analysts.
• Provide guidance, training, and feedback to junior team members.
• Develop and refine SOC procedures and playbooks.
• Assist in tuning SIEM rules, detection logic, and alert thresholds to reduce false positives.
• Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities.
• Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale.
• Participate in on‑call rotation to respond to critical security events.

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or an equivalent combination of education and experience.
• 4 years of IT experience.
• 2 years of experience in Cyber Security or a related field.
• Experience with SIEM solutions (e.g., Splunk), EDR platforms, and log analysis.
• Strong understanding of modern attack techniques, TTPs, and the MITRE ATT&CK framework.
• Working knowledge of networks, operating systems (Windows/Linux), firewalls, and cloud environments (AWS, Azure, GCP).

• A team player who values knowledge sharing and collaboration.
• Familiarity with Windows, Mac, and Linux capabilities.
• Strong knowledge of security frameworks (MITRE ATT&CK, NIST CSF, CIS Benchmarks).
• Strong verbal and written communication and interpersonal skills.
• Knowledge of Incident Response frameworks (SANS/NIST).
• Background in detection engineering processes.
• Active participation in company culture initiatives (e.g., employee resource groups, volunteering).
• Willingness to adopt cultural norms such as using cameras during onboarding and team meetings.
• Willingness to travel for role, including divisional/team meetings and other in‑person meetings.
• Ability to fulfill business needs, including investing extra time to help other teams if needed.

CSAA Insurance Group is an equal opportunity employer.

Must have authorization to work indefinitely in the United States.