Senior Security Engineer - Cyber Defense (Remote Eligible)

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Senior Security Engineer would be responsible for supporting the Cyber Defense program initiatives within the Security Operations Center (SOC), including protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

For local candidates, this role will be onsite in Santa Ana three days per week.

What You'll Do

• Analyze threat intelligence data to understand adversary tactics, techniques, and procedures (TTPs).
• Rapidly analyze threat intelligence information within the context of the organization to assess potential risks, impact, and prioritize Security Incidents or important threat intelligence.
• Conduct threat hunting activities to identify and mitigate cyber threats.
• Collaborate with internal teams to enhance threat detection and response capabilities.
• Monitor and analyze security alerts from various sources to identify potential threats.
• Provide recommendations for improving security posture based on threat intelligence and hunt findings.
• Act as a senior technical resource in developing processes to proactively monitor, detect, and respond to security threats, including the ongoing refinement and enhancements of security controls and configurations for security monitoring systems.
• Monitor information security systems, alerts and indicators of compromise used to protect the network from attacks and identify compromised systems.
• Collaborate with Incident Responders to identify, develop, and implement incident response processes and procedures to mitigate security risks.
• Lead, develop, and mature the cyber threat intelligence function of the SOC.
• Identify, advise and contribute to system and alert tuning to ensure security related events are properly prioritized and addressed.
• Contribute to the ongoing development and enhancement of Cyber Threat Intelligence handling and associated CTI playbooks.
• Contribute to the execution activities in the areas of security risk identification, analysis, classification, and mitigation strategies.
• Advise customers on security requirements, internal security policies, and security best practices.
• Provide training and support related to security incidents, intelligence, and requests to other members on the team.
• Identify/receive problem, research alternatives, prepare analysis and determine best remediation actions to address issues at hand.
• Conduct risk assessments, interview internal and external customers to gain technical knowledge of security/compliance requirements.
• Develop and maintain threat intelligence reports and briefings; research and analyze data, report trends and vital information to management/business partner.
• Keep abreast of industry advancements and incorporate that knowledge into daily work activities.
• Research and stay abreast of emerging technologies, new vulnerabilities and exploits that may compromise internal systems.
• Track, analyze, and report security metrics and propose counter measures to address security trends that are not in line with company’s desire risk profile.
• Contribute to the evaluation, testing and implementation of new security systems and processes.
• Asist internal audit and disaster recovery activities as needed.
• Develop and maintain documentation for all assigned responsibilities.
• Required to perform duties outside of normal work hours based on business needs.

What You'll Bring

• Familiar working in a Security Operations Center (SOC) environment, using and analyzing alerts from various systems such as SIEM, Cloud Services, Email Security Gateways, Endpoint Security.
• Knowledge of query languages for the purposes of AD-Hoc threat hunting, confirming detection controls, and deploying new use cases in response to emerging threats
• Understanding of operational security best practices and use of common security technologies
• Experience in implementing Information Security technologies and/or processes
• Experience collecting, analyzing, and actioning cyber threat intelligence
• Experience delivering cyber threat intelligence briefings to various audiences
• Experience in product evaluations and analysis
• Excellent written and verbal communication skills
• Excellent interpersonal, relationship-building and teamwork skills
• Self-motivated; self-starter
• Ability to manage multiple tasks, respond quickly to emergent problems, and focus both on long-range projects and immediate tasks
• Proficient in Microsoft Word, Excel and PowerPoint
• Generally, requires a BS Degree in Computer Science, Information Technology, Telecommunications, or Electrical Engineering, or equivalent work experience
• Must have minimum 5+ years information security experience
• 2+ years of consecutive hands-on experience working in a SOC environment, utilizing industry leading network security monitoring technologies, application, web, database and Security Event and Information Management (SIEM), IDS/IPS, endpoint, email security gateways and DLP technologies.
• Certifications: Security+, GIAC, CEH, OSCP, CISSP preferred

Pay Range: $112,400.00 - $149,800.00 AnnuallyThis hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).

First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.