Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

Responsible for leading the Information Security Incident Response program initiatives, including protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

This role will be hybrid two days a week onsite in Santa Ana, CA.

What You’ll Bring

• Acting as the top technical manager for the people, processes, and technology related to First American’s Security Operations Center (SOC). Responsible for developing and maturing processes to proactively monitor, detect, and respond to security threats, including the ongoing refinement and enhancements of security controls and configurations for security monitoring systems.
• Oversee the monitoring of information security systems, alerts and indicators of compromise used to protect the enterprise from attacks and identify compromised systems.
• Leads incident response actions to protect the company and address cyber threats while ensuring proper adherence to policies and procedures.
• Organizes and, where necessary, participates in an on-call rotation to ensure 24/7 monitoring and incident response.
• Provides leadership by instructing, mentoring, and training team members as they learn processes, develop their skills, and grow their knowledge.
• Work proactively to identify, develop, and implement incident response processes and procedures to mitigate security risks including enhancing the incident response plan and associated incident response playbooks.
• Manage relationships with Security Services Providers to monitor, detect, and respond to security incidents.
• Leads efforts to tune threat detection logic and prioritize alerts to ensure security related events are properly identified.
• Leads and manages the execution of activities in the areas of incident response, risk identification, analysis, classification, and mitigation strategies.
• Advise customers on security requirements, internal security policies, and security best practices.
• Conducts risk assessments, interviewing internal and external customers, to gain technical knowledge of systems and security/compliance requirements.
• Creates reports; researches and analyzes data, report trends and vital information to senior management/business partner.
• Keeps abreast of industry advancements and incorporates that knowledge into daily work activities.
• Research and stay abreast of emerging technologies, new vulnerabilities and exploits that may compromise internal systems.
• Track, analyze, and report security metrics and propose counter measures to address security trends that are not in line with company’s desire risk profile.
• Develops and maintains a holistic view of Information Technology and business acumen to align pragmatic and forward-looking information security practices and architectural design to advance business goals.
• Uses skills as a seasoned, experienced professional with a full understanding of industry practices and established policies and procedures.
• Troubleshoots and guides team members on a wide variety of complex problems and identifies solutions within broad application and functional expertise.
• Sets objectives for project goals and other team members and monitors progress to achieve goals.
• Drives enhancements to department processes and procedures.
• Negotiates, persuades, and gains consensus from cross functional team(s).
• Contribute to the evaluation, testing and implementation of new security systems and processes.
• Assist internal and external auditing entities and disaster recovery activities as needed.
• Develops and maintains documentation for all assigned responsibilities.
• Required to perform duties outside of normal work hours based on business needs.

What You’ll Bring:

Knowledge and Skills/Technology Used, Job Complexities, Impact

• Must have hands-on working knowledge of security incident response tools such as SIEM, SOAR, EDR/XDR, Identity Threat Detection, and Network Threat Detection technologies.

• Experience leading a Security Operations Center (SOC) environment, analyzing alerts from various systems such as SIEM, Cloud Services, Email Security Gateways, Endpoint Security.

• Deep analytical skills and capabilities

• Proven leadership skills and is results focused

• Ability to organize, plan and carry out assignments with minimal supervision/direction.

• Experience in implementing Information Security technologies and/or processes

• Experience in product evaluations and analysis

• Excellent written and verbal communication skills up to and including executive leadership

• Excellent interpersonal, relationship-building and teamwork skills

• Self-motivated; self-starter

• Ability to manage multiple tasks, respond quickly to emergent problems, and focus both on long-range projects and immediate tasks

• Proficient in Microsoft Word, Excel and PowerPoint

• Generally, requires a BS Degree in Computer Science, Information Technology, Cybersecurity, or equivalent work experience

• Must have minimum 5 years information security experience

• 5+ years of consecutive hands-on experience working in a SOC environment, utilizing industry leading network security monitoring technologies, application, web, database and Security Event and Information Management (SIEM), IDS/IPS, endpoint, email security gateways and DLP technologies.

• GIAC, CEH, OSCP, CISSP, CISM preferred

Pay Range: $126,100- $168,100.00 annually

This hiring range is a good faith and reasonable estimate of the salary range of possible compensation at the time of the posting and is subject to change. The actual compensation offered will be determined by various factors, which may include a candidate’s education, training, experience, and geographic location.

#LI-BH1

#techreferral

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.