Staff Threat Detection Engineer at Rgare

Rgare · London, United Kingdom · Remote

You desire impactful work.
You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

A Brief Overview

Responsible for driving, developing, and executing the standards, procedures, and processes used to monitor, maintain, and create new detections. Leads and manages telemetry health monitoring to ensure existing monitoring and alerts are performing as intended. Enables global Security Operations by participating in on-call rotations, alert triage, investigations, and engineering.

What you will do

  • Participates in the 24/7 on-call rotation, alert triage, and investigations
  • Owns and drives portions of the Incident Response Lifecycle (readiness, training, response, command, post-mortem)
  • Using the CI/CD pipeline, leads the monitoring, maintenance, and optimization of existing detections to ensure high-fidelity, low-noise detections, inclusive of Detection Playbooks
  • Supports the validation of security telemetry health and the identification of telemetry gaps that may introduce risk to the organization. Drives and develops processes and standards for validation of security telemetry
  • Drives, develops, and supports efforts to identify and close detection and telemetry gaps
  • Leads and contributes to purple team exercises for Monitoring and Detection by assisting with hunting, data, and detection validation
  • Leads metric and reporting initiatives to drive strategic business decisions and leadership situational awareness
  • Leads systemic issue mitigation initiatives across GSO
  • Leads purple team engagements for the SOC, tracking findings and ensuring actionable detections and telemetry improvements
  • Acts as technical leader within the team in the areas of detection engineering, telemetry validation, and investigation
  • Performs other duties as assigned

Qualifications

Bachelor’s degree or equivalent experience


Required

  • 5+ years of hands-on experience in a Security Operations Center (SOC) or similar environment, with a focus on incident response, threat investigations, or detection development
  • 5+ years of experience assessing security telemetry to identify and close visibility gaps to improve detection and investigation fidelity
  • Advanced analytical skills with the ability to investigate activity across network, host, cloud, and identity platforms
  • Thrives working in a globally distributed team environment
  • Strong written and verbal communication skills with the ability to effectively collaborate with partner teams
  • 5+ years of experience contributing to purple team exercises, including supporting risk hunting, telemetry validation, and detection efficacy
  • Experience developing and supporting cybersecurity metrics and reporting to support security operations
  • 5+ years of experience creating automation workflows to scale security operations
  • Ability to quickly adapt to new methods and to work under tight deadlines and stressful conditions
  • 5+ years of experience designing and implementing automation and workflows to scale security operations
  • Demonstrated ability to manage multiple priorities and deadlines in alignment with business needs, while maintaining a strong security posture and delivering high-quality deliverables
  • Advanced ability to translate business needs and problems into viable, accepted solutions
  • Deep understanding of industry best practice for security concepts around NIST frameworks

Technical Requirements

  • General knowledge of SIEM/SOAR technology (Splunk, CrowdStrike, Sentinel, etc.)
  • EDR Platforms (CrowdStrike, Microsoft Defender, etc.)
  • Network and client / server technologies and standards
  • Malware prevention and remediation
  • Advanced knowledge of Cloud Computing Security (AWS, Azure, GCP)
  • AM/AAA technologies and architectures (Entra/Active Directory, Okta, OpenID, SAML, OAuth, JWT, LDAP)
  • M365 Suite and Environments
  • Forensic tools (FTK, EnCase, X-Ways, SIFT)
  • ServiceNow
  • Advanced email security concepts

What you can expect from RGA:

  • Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

  • Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

  • Join the bright and creative minds of RGA, and experience vast, endless career potential.
