Cybersecurity Analyst
RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.
Responsible for owning, creating and executing standards, procedures, and processes that manage, mitigate, and reduce the risk of cyberattacks against RGA. Provide leadership and accountability for project and service delivery. Deliver measurable, cross-organizational, impactful projects. Enable global Security Operations by delivering operations, development, and engineering.
What you will do:
- If required, participate in a 24/7 on-call rotation, alert triage, and investigation
- Accountable for team level ownership of one or more of the following functions: incident response, threat detection, offensive security
- Lead the development of orchestrations and automations that significantly reduce manual tasks
- Perform expert-level intrusion and/or defensive analysis
- Responsible for security related audit/compliance/risk-reduction efforts for the team
- Own and deliver offensive and/or defensive security tooling development, testing, and management. Responsible for team-level logging requirements to better detect and respond to security threats
- Provide mentorship and guidance to junior team members
- Develop and deliver metrics/reports at an Organizational, Company, and/or Executive level
- Develop and implement cross-team functions and processes for internal stakeholders and external reporters (partners, vendors, governments, individuals)
- Own and deliver team level projects that drive down the overall risk and/or impact of a cybersecurity incident
Qualifications:
- Master’s degree in Arts/Sciences (MA/MS) or equivalent experience required
- 8+ years of experience in one or more areas: incident response, security engineering, offensive security, threat emulation, penetration testing, or security operations required
- 5+ years of experience creating automation/workflows to scale security operations required
- Strong experience identifying and addressing telemetry gaps in security monitoring required
- Experience developing and supporting cybersecurity metrics and reporting to support security operations required
- Experience developing and leading purple team exercises, including supporting risk hunting, telemetry validation, and detection efficacy required
- 10+ years of relevant experience preferred
- Ability to lead complex incidents and evolve strategies based on new information required
- Advanced analytical skills with the ability to investigate network, host, cloud and identity platforms required
- Ability to work independently, and lead team members, within a globally distributed environment required
- Strong written and verbal communications skills with the ability to effectively collaborate with partner teams required
- Ability to quickly adapt to new methods, work under tight deadlines and stressful conditions required
- Advanced investigative, analytical and problem solving skills required
- Advanced ability to set goals and handle multiple tasks, clients, and projects simultaneously required
- Ability to appropriately balance priorities, deadlines, and deliverables required
- Advanced ability to translate business needs and problems into viable/accepted solutions required
- Technical Requirements: Windows, Mac, and Linux internals, Scripting (PowerShell/Python/JavaScript/TypeScript), Forensic tools (FTK, EnCase, X-Ways, SIFT), Cloud computing (AWS), M365 suite and ecosystem, Microsoft domain environments, IAM/AAA technologies and architectures (Active Directory, Okta, OpenID, SAML, OAuth, JWT), Physical and Virtual networking technologies and architecture, Physical and Virtual networking defensive technologies, SIEM (Splunk), EDR (CrowdStrike, Microsoft Defender), Threat Intelligence Platforms and Feeds, Email architecture and security, DNS architecture and security required
- Industry-level contributions (conferences, publications, tooling, seminars) preferred
- Technical Requirements: Cloud Computing (GCP, Azure), Forensic tools (FTK, EnCase, X-Ways, SIFT), ServiceNow preferred
- Professional Industry certification preferred
What you can expect from RGA:
- Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
- Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
- Join the bright and creative minds of RGA, and experience vast, endless career potential.
Compensation Range: $123,500.00 - $184,050.00 Annual
Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.
RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.