This job is expired.
Full Job Description
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cyber Security Investigations Lead! Join us and support CSAA IG in achieving our goals.
Your Role: We are seeking a skilled cyber security incident investigation lead. The position will provide the security investigations team with expertise in incident handling, in-depth analysis, forensics, advanced attack techniques and reconnaissance techniques. The ideal candidate will have experience in documenting investigations and providing clear evidence-based decisions within an investigation.
Your Work:
• Lead security investigations in collaboration with SOC personnel, ensuring deeper potential threats and root causes are thoroughly explored.
• Strong leadership skills and the ability to inform others during the incident and crisis management processes
• Expertise across multiple operating systems on host-based forensic processes
• Able to evaluate correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.
• Expertise on network traffic patterns associated with attacks and expected sources for those patterns
• Technical understanding of current cybersecurity threats and trends.
• Familiarity with and contribution to the detection engineering process
• Excellent communication (oral and written), interpersonal, organizational, and presentation skills
Required Experience, Education and Skills
• Bachelor's degree in Computer Science, Information Technology, or a related field
• Significant equivalent work experience will be considered
• 10+ years of IT and relevant security experience
• 6+ years of experience leading or serving as a member of a CERT or other similar function
• Knowledge of current and emerging technologies and tactics used within a SOC and how they can be applied to improve efficiency and effectiveness
• Understanding of the information security industry and the current threat landscape
What would make us excited about you?
• Actively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects)
• Champions our cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
• Demonstrates a company ownership mindset, thinking beyond boundaries of their own area
• Travels as needed for role, including divisional / team meetings and other in-person meetings
• Fulfills business needs, which may include investing extra time, helping other teams, etc.
CSAA IG Careers
At CSAA IG, we're proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.
Join us if you...
• BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.
• COMMIT to being there for our customers and employees.
• CREATE a sense of purpose that serves the greater good through innovation.
Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaa-insurance.aaa.com/us/en/benefits](https://careers.csaa-insurance.aaa.com/us/en/benefits)
In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us.
If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.
As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues' different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers' evolving needs.
CSAA Insurance Group is an equal opportunity employer.
If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education.
Must have authorization to work indefinitely in the US.
While we prefer your work location be in the Phoenix metropolitan area, we are also open to hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska.
Job Information
Job Category:
Information Technology