CSAA Insurance Group, a AAA Insurer

Compensation

Full Description

External candidates: In order for your application to be correctly processed please sign-in before you apply Internal candidates: Please go to Workday and click "Find Jobs" link under Career Thank you for considering opportunities with us! Job Title IT Security Analyst IV - Remote Requisition Number R7602 IT Security Analyst IV - Remote (Open) Location Glendale, Arizona Additional Locations Arizona - Home Teleworkers, District of Columbia - Home Teleworkers, Pennsylvania - Home Teleworkers, Texas - Home Teleworkers Job Information CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the leading personal lines property and casualty insurance groups in the United States. Here, every employee shapes our mission. We build innovative, human-centered solutions that help AAA members prevent, prepare for, and recover from life's uncertainties. You will join a collaborative, inclusive culture where your strengths have room to grow and your ideas can drive real impact. Step into a role where you can contribute to our shared success through meaningful work. We are actively hiring for an IT Security Analyst IV - Remote! Your Role: The CSAA Security Operations Team is responsible for developing intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring to bear that understanding to purposefully identify and mitigate malicious activity. We are seeking a skilled Security Operations Center analyst with experience across the full incident response lifecycle and deep expertise in detection engineering, alert development, purple team collaboration, and security reporting. This role emphasizes building high-fidelity detections, leading purple team exercises with supporting log source validation, and contributing to incident response, threat hunting, and security operations across both cloud and on-prem environments. Your Work: Participate in and lead incident response, triage, and investigations by performing systematic analysis of security events and indicators of compromise to identify malicious activity, potential threats, and vulnerabilities. Conduct post-incident analysis to identify root causes and recommend preventative measures Create incident reports and documentation for stakeholders. Design, develop, and maintain high-fidelity security detections aligned to adversary behaviors (e.g., MITRE ATT&CK), while performing ongoing detection gap analysis and recommending new detections based on emerging threats and attack techniques. Tune and optimize security detections and alerts to improve signal quality, reduce false positives, and ensure actionable outcomes for the SOC. Document detection logic, data dependencies, assumptions, and response guidance to support long-term maintainability and SOC effectiveness. Provide technical guidance and mentorship to junior SOC analysts during investigations and detection development efforts. Lead purple team efforts to test adversary techniques, validate existing detections, identify gaps, and inform the development of new or improved security alerts. Proactively conduct threat hunting to identify malicious activity and assess the effectiveness of security controls. Leverage threat intelligence to inform detection development, threat hunting, and incident response activities. Lead SOC project efforts and coordinate with other cyber security groups to elevate the organization's security posture Identify opportunities to improve security processes and technologies Participate in on-call rotation to respond to critical security events Participate in knowledge sharing and training initiatives Able to multitask and prioritize Required Experience, Education and Skills 6+ years of IT experience 4+ years of experience in Cyber Security or related field Bachelor’s degree in computer science, Information Technology, or a related field or an equivalent combination of education and experience Demonstrated experience across the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident reporting. Hands-on experience with security technologies such as SIEM, EDR, email security, CNAPP, and NDR platforms. Strong experience of designing, building, and tuning security detections within SIEM solutions. Experience participating in or supporting purple team exercises or adversary simulation activities. Solid understanding of current and emerging SOC technologies, attacker tactics, and defensive techniques, and how they can be applied to improve SOC effectiveness and efficiency Strong understanding of the information security industry and the evolving threat landscape. Experience working with cloud infrastructure and technologies, alongside traditional on-prem environments. What would make us excited about you? A team player who values knowledge sharing and collaboration. A mentoring/leadership background including mentoring other analysts and orchestrating team efforts for problem solving You think in adversary behaviors, not just alerts, and design detections mapped to frameworks like MITRE ATT&CK. You bring a continuous improvement mindset, regularly refining detections, processes, and playbooks based on real incidents and testing. You can translate complex technical findings into clear, actionable reporting for both technical and non-technical audiences. Familiarity with Windows, Mac, and Linux capabilities Strong knowledge of security frameworks (MITRE ATT&CK, NIST CSF, CIS Benchmarks) Strong verbal/written communication and interpersonal skills Knowledge of Incident response frameworks (SANS/NIST) Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.) Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.) Travels as needed for role, including divisional / team meetings and other in-person meetings Fulfills business needs, which may include investing extra time, helping other teams, etc Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska. #LI-SB1 Why Choose a Career at CSAA IG? At CSAA IG, we are a mission-driven organization proudly committed to empowering our members, our employees, and our communities to thrive. Recognition: We offer a total compensation package, annual bonus eligibility for most roles, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaainsurance.aaa.com/us/en/benefits. Career Growth: We believe in growth for everyone. Here at CSAA IG, leaders and mentors partner with employees to align interests, unlock development opportunities, and support long‑term success. Flexible Workplace: We embrace a remote-first culture through our Flexible Workplace. Most employees hold Home-Flex roles, working primarily from home, often with the flexibility to work from various locations including CSAA offices. Our flexible workplace empowers you to balance remote work with intentional in‑person moments that deepen connection and collaboration. Inclusion and Belonging: An inclusive and welcoming workplace is the cornerstone of our success. By fostering an environment where people feel valued and heard, we deepen our ability to understand and meet the unique needs of our members. This strengthens innovation and enhances our products and services, giving us a competitive edge in the market. Sustainability: As climate change leads to more frequent and severe weather events, we are taking bold action to build more resilient communities and reduce our environmental impact. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us. CSAA is committed to providing reasonable accommodations to qualified applicants and employees with disabilities or other limitations. If you would like to request an accommodation to participate in the job application or interview process, please contact TalentAcquistion@csaa.com If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education. CSAA does not provide visa sponsorship for this role. Applicants must have authorization to work indefinitely in the US. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). CSAA Insurance Group is an equal opportunity employer. . About CSAA Insurance Group CSAA Insurance Group, a AAA insurer, offers automobile, homeowners and other personal lines of insurance to AAA members through AAA clubs in 23 states and the District of Columbia. Founded in 1914, the company has been rated “A” or better by A.M. Best for more than 90 years, and is one of the top personal lines property casualty insurance groups in the United States, according to the National Association of Insurance Commissioners. Headquartered in Walnut Creek, California, we have more than 3,800 employees located primarily in Arizona, California, Colorado, Nevada, New Jersey, and Oklahoma. Guided by the mission to create AAA members for life by fulfilling our promise to be there when they need us, our employees are deeply committed to building relationships and exceptional service. We are proud of our values-based culture and are frequently recognized as a leader in employee professional development, corporate responsibility, diversity and wellness. We are “A community that works.” Top 100 for Leadership Development in Leadership Excellence magazine Perfect score in the Human Rights Campaign’s corporate equality index Gold-Level Fit-Friendly Award from the American Heart Association Repeatedly one of 50 most community-minded companies in the U.S. by Points of Light For more information on CSAA Insurance Group, please visit www.csaa-insurance.aaa.com About AAA The American Automobile Association (AAA) is a federation of approximately 40 automobile clubs serving more than 56 million members. The auto clubs provide a range of services, including emergency roadside service, remote battery delivery and selected DMV services to its members. The AAA Federation owns and manages the AAA brand, licensing the AAA brand to member clubs. In 2011, CSAA Insurance Group separated from the AAA of Northern California, Nevada and Utah club, reflecting its coast-to-coast operations. Under its brand license with the AAA Federation, CSAA Insurance Group has the rights to call itself “a AAA insurer,” to sell “AAA Insurance” and to use the AAA logo. The AAA logo is one of the most recognized brands in the country, providing member clubs and CSAA Insurance Group with immediate recognition and credibility. For more information on AAA, please visit www.aaa.com