IT Security Manager

Company: CSAA Insurance Group
Location: Glendale
Posted on: September 23, 2022

Job Description:

CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for an IT Security Manager - Remote! Join us and support CSAA IG in achieving our goals. Your Role: The CSAA Cyber Defense Services Team is responsible for developing actionable intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring to bear that understanding to purposefully identify and mitigate malicious activity. Your work:

• Investigating security incidents in accordance to security policies
• Mentor junior team members, support their growth and the development of methods by which they may initiate tactical mitigations based on results of analysis and determination of threat validity
• Contribute to the continuous surveillance of and reporting on the cyber threat landscape, emerging TTP and the reported activities of threat actors
• Shares lessons learned, initial indicators of detection, and opportunities for strengthening signature based detection capabilities
• Maintains and enhances the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures
• Leads response to audits, penetration tests and vulnerability assessments. Focuses on enterprise wide threats and highly sensitive and confidential issues within the company
• Monitor and analyze the cyber threat landscape in order to identify external and emerging cyber threats
• Conduct analysis on threat information to identify current impact and identify potential mitigations
• Communicate to fellow stakeholders and senior leadership the cyber risk to the organization through operational briefings and threat intelligence reports
• Extract and communicate trends from the cyber threat landscape
• Establish methods of correlating and enriching internal network anomalies with threat intelligence for the purposes of increasing situational awareness among tier one SOC analysts, informing threat hunts, providing attribution, and aiding in the establishment of strategic countermeasures
• Develop, create, and drive current and new reporting methods and products, with the goal of increasing situational awareness and ensuring Intelligence products are actionable
• Support incident response and threat hunting activities to include providing intelligence context, analysis support, industry expertise, and recommendations around remediation and countermeasures
• Continuously evaluate the effectiveness of methods of intelligence ingestion, as well as the reliability of data feeds
• Evaluate new intelligence sources and make recommendations for improvements and new sources
• Assist in maintaining an effective threat actor Intelligence program, which provisions for the identification, tracking, and prioritization of cyber threat actors of various types
• Periodic on-call responsibilities What would make us excited about you?
  • Strong technical experience and familiarity with various techniques of cyber-attacks, MITRE Att&ck framework
  • Experience supporting incident response and/or investigations
  • Possess knowledge of Intelligence Community (IC) fundamentals (classifications, Traffic Light Protocol (TLP), Intelligence Sharing and Analysis Centers (ISACs)
  • Ability to communicate complex ideas and concepts effectively, using the correct grammar and terminology, both orally and in writing, with senior management staff, information systems professionals, and technical and non-technical users
  • Ability to quickly and effectively digest disparate data sources to determine security implications and risk levels
  • Able to provide recommendations of security improvements by assessing current efficacy of current capabilities/solutions, evaluating trends and anticipating requirements
  • Possess knowledge of virtual environments, Cloud platforms (IaaS), network operating systems, mobile device environments, and data encryption methods
  • Demonstrated expertise in network communication protocols, operating systems, servers, firewall implementation, IPS/IDS systems, and advanced malware detection systems
  • Must be able to multi-task and work independently on moderate to complex assignments using independent professional discretion and judgment as well as transition quickly between projects with minimal supervision
  • Ability to maintain effective working relationships with colleagues, users, contractors, and vendors
  • Possesses the ability to use in-depth knowledge to identify and present practical intelligence to team members and senior leadership
  • Maintain advanced knowledge of tools and techniques for analysis and identification of the nature of threats
  • Ability to perform security analysis of network traffic data and report on threats as needed, and act as the escalation point for additional analysis
  • Solid understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols
  • Experience with log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior
  • Experience using a broad array of security tools including Security Information and Event Management (SIEM) system, intrusion detection systems, web proxy systems, routers, switches, firewall deployment and other tools used to assess network security
  • Demonstrated knowledge of techniques used to analyze network traffic for malicious activity and perform packet analysis
  • Identify, extract, and leverage intelligence from intrusion attempts carried out by advanced cybercriminals or advanced persistent threat (APT) groups
  • Piece together and track intrusion campaigns and activity carried out by various threat actors, and nation-state/advanced threat actor activity
  • Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers
  • Demonstrated ability to work in a team environment both in-person and remotely, with minimal supervision
  • Possess strong time management skills and the ability to effectively prioritize tasks and work independently with minimal daily management interaction
  • Excellent written and verbal communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with peers, IT management, and senior leaders
  • Ability to participate in meetings and projects with customers and partners, including those involving technical topics or technical service delivery
  • Strong problem-solving skills, and a desire to attempt to work through blockers prior to seeking assistance
  • Splunk ES (Security)
  • Splunk UBA
  • Splunk Phantom
  • Cloud
  • Python coding experience
  • Endpoint Protection
  • Correlation rule development
  • SPL - search processing language
  • MSSP Engagement experience
  • BS degree in Computer Science, MIS, Computer Engineering, or 15+ years equivalent technology experience
  • 10+ years direct security operations experience
  • 10+ years of experience with tracking APT groups and other high-grade threats
  • 10+ years of experience in system, network, and/or application security
  • 10+ years of experience building automation
  • 10+ years of experience with SQL or other query languages
  • GCIH Certification
  • Shows respect for differences through superb communication skills with people from an array of backgrounds.
  • Confidence can sometimes hold us back from applying for a job. But we'll let you in on a secret: there's no such thing as a 'perfect' candidate. CSAA IG is a place where everyone can grow. So, however you identify and whatever background you bring with you, please apply if you meet most of the requirements (not all) and this is a role that would make you excited to come to work every day. CSAA IG Careers At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it. Join us if you---
    • BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
    • COMMIT to being there for our customers and employees.
    • CREATE a sense of purpose that serves the greater good through innovation. Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at: Benefits (aaa.com) In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us. If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com. As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us. We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs. CSAA Insurance Group is an equal opportunity employer. The national average salary range for this position is $147,510-$163,900. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on county of residence. The full salary range for this position across all the states we hire in is $132,750-$196,600 This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 15% of eligible pay. If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education. Please note we are hiring for this role remote anywhere in the United States with the exception of California, Hawaii and Alaska. Must have authorization to work indefinitely in the US. #hp_rx #LI-MB1 #Dice_RX #Expand

Keywords: CSAA Insurance Group, Glendale , IT Security Manager, Executive , Glendale, Arizona