IT Security Analyst IV - Remote

IT Security Analyst IV

• Remote Hope Hull, AL Job Details Full-time $122,850
• $164,000 a year 6 days ago Benefits 401(k) matching Qualifications Bachelor's degree in information technology Computer Science Technical documentation Process improvement Gap analysis Windows Incident response Bachelor's degree NIST standards Intelligence analysis Mentoring Incident Investigation mac

OS IT SIEM

Linux Threat intelligence Training & development

MITRE ATT&CK

Root cause analysis Senior level 4 years Bachelor's degree in computer science Project leadership Leadership Communication skills Cloud services Information Technology IT security monitoring Full Job Description External candidates: In order for your application to be correctly processed please sign-in before you apply Internal candidates: Please go to Workday and click "Find Jobs" link under Career Thank you for considering opportunities with us! Job Title IT Security Analyst IV

• Remote Requisition Number

R7602 IT

Security Analyst IV

• Remote (Open) Location Glendale, Arizona Additional Locations Arizona
• Home Teleworkers, District of Columbia
• Home Teleworkers, Pennsylvania
• Home Teleworkers, Texas
• Home Teleworkers Job Information CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the leading personal lines property and casualty insurance groups in the United States.

Here, every employee shapes our mission. We build innovative, human-centered solutions that help AAA members prevent, prepare for, and recover from life's uncertainties. You will join a collaborative, inclusive culture where your strengths have room to grow and your ideas can drive real impact. Step into a role where you can contribute to our shared success through meaningful work. We are actively hiring for an IT Security Analyst IV

• Remote!

Your Role:

The CSAA Security Operations Team is responsible for developing intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high-grade actors and their tools, techniques, and procedures. We then bring to bear that understanding to purposefully identify and mitigate malicious activity. We are seeking a skilled Security Operations Center analyst with experience across the full incident response lifecycle and deep expertise in detection engineering, alert development, purple team collaboration, and security reporting. This role emphasizes building high-fidelity detections, leading purple team exercises with supporting log source validation, and contributing to incident response, threat hunting, and security operations across both cloud and on-prem environments.

Your Work:

Participate in and lead incident response, triage, and investigations by performing systematic analysis of security events and indicators of compromise to identify malicious activity, potential threats, and vulnerabilities. Conduct post-incident analysis to identify root causes and recommend preventative measures Create incident reports and documentation for stakeholders. Design, develop, and maintain high-fidelity security detections aligned to adversary behaviors (e.g., MITRE ATT&CK), while performing ongoing detection gap analysis and recommending new detections based on emerging threats and attack techniques. Tune and optimize security detections and alerts to improve signal quality, reduce false positives, and ensure actionable outcomes for the SOC. Document detection logic, data dependencies, assumptions, and response guidance to support long-term maintainability and SOC effectiveness. Provide technical guidance and mentorship to junior SOC analysts during investigations and detection development efforts. Lead purple team efforts to test adversary techniques, validate existing detections, identify gaps, and inform the development of new or improved security alerts. Proactively conduct threat hunting to identify malicious activity and assess the effectiveness of security controls. Leverage threat intelligence to inform detection development, threat hunting, and incident response activities. Lead SOC project efforts and coordinate with other cyber security groups to elevate the organization's security posture Identify opportunities to improve security processes and technologies Participate in on-call rotation to respond to critical security events Participate in knowledge sharing and training initiatives Able to multitask and prioritize Required Experience, Education and Skills 6+ years of IT experience 4+ years of experience in Cyber Security or related field Bachelor's degree in computer science, Information Technology, or a related field or an equivalent combination of education and experience Demonstrated experience across the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident reporting. Hands-on experience with security technologies such as SIEM, EDR, email security, CNAPP, and NDR platforms. Strong experience of designing, building, and tuning security detections within SIEM solutions. Experience participating in or supporting purple team exercises or adversary simulation activities. Solid understanding of current and emerging SOC technologies, attacker tactics, and defensive techniques, and how they can be applied to improve SOC effectiveness and efficiency Strong understanding of the information security industry and the evolving threat landscape. Experience working with cloud infrastructure and technologies, alongside traditional on-prem environments. What would make us excited about you? A team player who values knowledge sharing and collaboration. A mentoring/leadership background including mentoring other analysts and orchestrating team efforts for problem solving You think in adversary behaviors, not just alerts, and design detections mapped to frameworks like

MITRE ATT&CK.

You bring a continuous improvement mindset, regularly refining detections, processes, and playbooks based on real incidents and testing. You can translate complex technical findings into clear, actionable reporting for both technical and non-technical audiences. Familiarity with Windows, Mac, and Linux capabilities Strong knowledge of security frameworks (MITRE

ATT&CK, NIST CSF, CIS

Benchmarks) Strong verbal/written communication and interpersonal skills Knowledge of Incident response frameworks (SANS/NIST) Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.) Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.) Travels as needed for role, including divisional / team meetings and other in-person meetings Fulfills business needs, which may include investing extra time, helping other teams, etc. Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska. Why Choose a Career at CSAA IG? At CSAA IG, we are a mission-driven organization proudly committed to empowering our members, our employees, and our communities to thrive .

Recognition:

We offer a total compensation package, annual bonus eligibility for most roles, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaainsurance.aaa.com/us/en/benefits.

Career Growth:

We believe in growth for everyone. Here at CSAA IG, leaders and mentors partner with employees to align interests, unlock development opportunities, and support long‑term success.

Flexible Workplace:

We embrace a remote-first culture through our Flexible Workplace. Most employees hold Home-Flex roles, working primarily from home, often with the flexibility to work from various locations including CSAA offices. Our flexible workplace empowers you to balance remote work with intentional in‑person moments that deepen connection and collaboration.

Inclusion and Belonging:

An inclusive and welcoming workplace is the cornerstone of our success. By fostering an environment where people feel valued and heard, we deepen our ability to understand and meet the unique needs of our members. This strengthens innovation and enhances our products and services, giving us a competitive edge in the market.

Sustainability:

As climate change leads to more frequent and severe weather events, we are taking bold action to build more resilient communities and reduce our environmental impact. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don't miss important updates from us. CSAA is committed to providing reasonable accommodations to qualified applicants and employees with disabilities or other limitations. If you would like to request an accommodation to participate in the job application or interview process, please contact If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education. CSAA does not provide visa sponsorship for this role. Applicants must have authorization to work indefinitely in the US. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). CSAA Insurance Group is an equal opportunity employer. #LI-SB1 . The national average salary range for this position is $122,850.00

• 136,500.00. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on work location. The starting pay range for this position across all the states we hire in is $122,850.00
• 164,000.

00. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 10% of eligible pay. This job posting will be unposted on Mon, 13 Apr 2026.