Cybersecurity Incident Response Specialist at TIAA
Frisco, TX 75034, USA
Full Time


Start Date

Immediate

Expiry Date

27 Jun, 25

Salary

0.0

Posted On

27 Mar, 25

Experience

3 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Windows, Sql, Risk Frameworks, Information Security, Visualization, Programming Concepts, Security Devices, Linux, Communication Skills, Bash, Information Technology, Python, Scripting

Industry

Information Technology/IT

Description

The TIAA Detection & Response Team is seeking a Tier 2 Senior Incident Response Specialist to participate in the day-to-day operations of its detection team and assist in the training and mentorship of junior analysts. The incumbent will be responsible for developing and training junior staff and working with management and business partners to identify and close gaps in visibility. In addition, the incumbent will provide senior support in the analysis of security events, investigating potentially compromised endpoints, and driving security incidents to resolution.

Key Responsibilities and Duties

  • Train, mentor, and assist in the development of other security analysts within the Detection & Response Team.
  • Develop and maintain standard operating procedures, use cases, and other documentation to reflect day-to-day security operations.
  • Provide quality assurance on Tier 1 security events and incidents, ensuring that the proper investigation requirements are met, evidence is captured, and investigation conclusions come to a substantiated closure.
  • Minimize the dwell time of threat actors by monitoring, triaging, and responding to security events; maintaining thorough documentation in the case management system; and coordinating investigation and remediation of security incidents.
  • Actively hunt for and analyze previously unidentified threats in the environment, with little-to-no direction; document indicators and other TTPs in order to detect the identified threat actor activity.

Educational Requirements

  • University (Degree) Preferred

Work Experience

  • 3+ Years Required; 5+ Years Preferred

Physical Requirements

  • Physical Requirements: Sedentary Work

Career Level
7IC

Required Qualifications:

  • 3 or more years in Information Technology or Information Security

Preferred Qualifications:

  • Proficiency with Windows
  • Familiarity with Linux
  • Excellent verbal and written communication skills
  • Ability to translate technical concepts to targeted business and senior level management
  • Ability to effectively and efficiently collaborate with a diverse and geographically distributed team
  • Familiarity with a broad range of security technologies and how they function, as well as non-security devices and how their log outputs can indicate security incidents
  • Applied knowledge and understanding of regulatory compliance concerns, data protection and industry standard security and risk frameworks
  • Strong problem-solving skills
  • Excel or other data mangling & visualization skills
  • Splunk experience
  • Knowledge of SQL, Python, and Bash
  • Knowledge of scripting and/or programming concepts
  • Ability to identify both tactical and strategic solutions

Related Skills
Accountability, Adaptability, Business Continuity Planning, Cloud Computing Security, Collaboration, Communication, Compliance, Consultative Communication, Cybersecurity, Detail-Oriented, General Risk Management, Network Security, Prioritizes Effectively
Anticipated Posting End Date: 2025-04-21
Base Pay Range: $80,700/yr. - $127,200/yr.
Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).


Company Overview
Every worker deserves a secure retirement. For more than 100 years, TIAA has delivered it for millions of people. Founded to help educators retire with dignity, today we’re a market-leading retirement company fueled by world-class asset management. But we’re not just another legacy financial services firm. We’re fighting harder than ever before for our clients and the many Americans who need us.
Benefits and Total Rewards
The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary.
Equal Opportunity
We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Accessibility Support
TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.
If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:
Phone: (800) 842-2755
Email: accessibility.support@tiaa.org
