Principal Lead Analyst, Detection & Response Team (DART)

Who We Are

At Corebridge Financial we believe action is everything. Thats why every day we partner with financial professionals and institutions to make it possible for more people to take action in their financial lives for today and tomorrow.

We align to a set of Values that are the core pillars that define our culture and help bring our brand purpose to life:

• We are stronger as one: We collaborate across the enterprise scale what works and act decisively for our customers and partners.
• We deliver on commitments: We are accountable empower each other and go above and beyond for our stakeholders.
• We learn improve and innovate: We get better each day by challenging the status quo and equipping ourselves for the future.
• We are inclusive: We embrace different perspectives enabling our colleagues to make an impact and bring their whole selves to work.

Who Youll Work With

The Information Technology organization is the technological foundation of our business and works in collaboration with our partners from across the company. The team drives technology and digital transformation partners with business leaders to design and execute new strategies through IT and operations services and ensures the necessary IT risk management and security measures are in place and aligned with enterprise architecture standards and principles.

About The Role

As thePrincipal Lead Analyst of DART you are the ultimate technical authority for cyber defense and incident response. This is a high-impact leadership role that combines elite-level technicalexpertisewith strategic vision. You will oversee the most complex security breaches drive the evolution of our threat-hunting program and mentor the next generation of responders. Youare responsible forensuring that the organization is not just ready for a crisis but resilient enough to withstand one.

This role partners closely with Cyber Intelligence Defense and Response Application Security and Cyber Resilience teams and supports incident response efforts as an expert resource on adversarial capabilities.

Responsibilities

Strategic Incident Command (Major Incidents)

• Incident Commander:Serve as the primary Incident Commander for all Tier 3/Critical-level events. You will direct the technical response across all workstreams (Forensics Network Cloud Legal and PR).
• Crisis Communication:Act as the technical voice for executive leadership. You must be able to translate complex exploit chains and technical risks into business-impact narratives for the C-Suite and Board of Directors.
• Adversary Emulation:Lead Purple Team exercises to test DARTs readiness against specific APT (Advanced Persistent Threat) groups and real-world attack scenarios.

Advanced Detection & Hunting Strategy

• Threat Hunting Architecture:Design and oversee the organizations long-term threat-hunting roadmap ensuring coverage across theMITRE ATT&CKframework for Cloud (Azure/AWS) Identity and On-Prem infrastructure.
• Detection Engineering Oversight:Collaborate with engineering teams to ensure that hunt findings are converted into high-fidelity automated detections and SOAR (Security Orchestration Automation and Response) workflows.
• Intelligence Integration:Direct the consumption of tactical and strategic Threat Intelligence to proactively harden the environment before a known threat actor targets the industry.

Technical Leadership & Mentorship

• Force Multiplier:Elevate the entire SOC/DART capability by providing technical mentorship to L1 and L2 analysts. Youare responsible forthe technical QA of the teams investigative output.
• Tooling & Innovation:Evaluate and select next-generation forensic and response technologies. You will drive the business case for new security investments.
• Post-Incident Strategy:Lead the Lessons Learned process for major incidents ensuring that root causes result in fundamental shifts in the enterprise security posture.

Skills and Qualifications

Technical Requirements

• Experience:8 years in Cybersecurity with at least 5 years in a dedicated Incident Response or DFIR role. Proven experience leading response efforts for a large-scale enterprise or a top-tier IR firm (e.g. Mandiant CrowdStrike).

• Forensics:Solid understandingof deep-system forensics (Memory Disk Network) and specialized experience inCloud IR(Azure/AWS/O365).

• The Nuixand/or AxiomForensic Suite:Deep familiarity with enterprise forensic platforms (Nuix Magnet AXIOM EnCase) and the ability to guide L2 analysts in their usage.

• Adversary Knowledge:Expert-level understanding of TTPs (Tactics Techniques and Procedures) used by both state-sponsored and financially motivated (Ransomware) threat actors.

• Coding for Defense:Highproficiencyin automation (Python PowerShell) to build custom response scripts or API integrations between security tools.

Preferred Certifications

• Advanced SANS:GCFA (Forensics) GNFA (Network Forensics) GREM (Reverse Engineering Malware) or GXPN (Exploit Researcher).

• Leadership:CISSP-ISSMP (Management) or GCIH (Incident Handler).

Soft Skills & Leadership Traits

• Decisiveness:The ability to make $1M decisions (e.g. Shut down this data center now) with limited information during a live attack.

• Political Acumen:Skill in navigating the complexities of a large organization working with Legal Privacy and Human Resources during sensitive internal investigations.

• Resilience:Unwavering composure during high-stress 24/7 incident cycles.

Compensation:

The anticipated salary range for this position is $168000 to $195000 at the commencement of employment for the Jersey City NJ and Woodland Hills CA area. Not all candidates will be eligible for the upper end of the salary range. The actual compensation offered will ultimately be dependent on multiple factors which may include the candidates geographic location skills experience and other qualifications.

In addition the position is eligible for a discretionary bonus in accordance with the terms of the applicable incentive plan.

Corebridge also offers a range of competitive benefits as part of the total compensation package as detailed below.

Work Location

This position is based in Corebridge Financials Woodland Hills CA Jersey City NJ or Houston TX office and is subject to our hybrid working policy which gives colleagues the benefits of working both in an office and remotely.

Estimated Travel

May include up to 25%.

#LI-SAFG #LI-CW1 #LI-Hybrid

Why Corebridge

At Corebridge Financial we prioritize the health well-being and work-life balance of our employees. Our comprehensive benefits and wellness program is designed to support employees both personally and professionally ensuring that they have the resources and flexibility needed to thrive.

Benefit Offerings Include:

• Health and Wellness: We offer a range of medical dental and vision insurance plans as well as mental health support and wellness initiatives to promote overall well-being.
• Retirement Savings: We offer retirement benefits options which vary by location. In the U.S. our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
• Employee Assistance Program: Confidential counseling services and resources are available to all employees.
• Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1 up to $5000.
• Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work.
• Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.

Eligibility for and participation in employer-sponsored benefit plans and Company programs will be subject to applicable law governing Plan document(s) and Company policy.

We are an Equal Opportunity Employer

Corebridge Financial is committed to being an equal opportunity employer and we comply with all applicable federal state and local fair employment laws. All applicants will be considered for employment based on job-related qualifications and without regard to race color religion sex gender gender identity or expression sexual orientation national origin disability neurodivergence age veteran status or any other protected characteristic. The Company is also committed to compliance with all fair employment practices regarding citizenship and immigration status. At Corebridge Financial we believe that diversity and inclusion are critical to building a creative workplace that leads to innovation growth and profitability. Through a wide variety of programs and initiatives we invest in each employee seeking to ensure that our colleagues are respected as individuals and valued for their unique perspectives.

Corebridge Financial is committed to working with and providing reasonable accommodations to job applicants and employees including any accommodations needed on the basis of physical or mental disabilities or sincerely held religious beliefs. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process please send an email to . Reasonable accommodations will be determined on a case-by-case basis in accordance with applicable federal state and local law.

We will consider for employment qualified applicants with criminal histories consistent with applicable law.

To learn more please visit:

Functional Area: