Principal Lead Analyst, Detection & Response Team; DART
Listed on 2026-07-04
IT/Tech
Cybersecurity
About the Role
As the Principal Lead Analyst of DART, you are the ultimate technical authority for cyber defense and incident response. This high‑impact leadership role combines elite technical expertise with strategic vision. You will oversee the organization’s most complex security breaches, drive the evolution of our threat‑hunting program, and mentor a growing team of responders to ensure the organization is not just “ready” for a crisis, but resilient enough to withstand one.
This role partners closely with Cyber Intelligence, Defense and Response, Application Security, and Cyber Resilience teams, and supports incident response efforts as an expert resource on adversarial capabilities.
Responsibilities
Strategic Incident Command (Major Incidents)
- Incident Commander: Serve as the primary Incident Commander for all Tier 3/Critical‑level events, directing the technical response across work streams (Forensics, Network, Cloud, Legal, and PR).
- Crisis Communication: Act as the technical voice for executive leadership. Translate complex exploit chains and technical risks into business‑impact narratives for the C‑Suite and Board of Directors.
- Adversary Emulation: Lead “Purple Team” exercises to test DART’s readiness against specific APT groups and real‑world attack scenarios.
- Threat Hunting Architecture: Design and oversee the organization’s long‑term threat‑hunting roadmap, ensuring coverage across the MITRE ATT&CK framework for Cloud (Azure/AWS), Identity, and On‑Prem infrastructure.
- Detection Engineering Oversight: Collaborate with engineering teams to ensure hunt findings are converted into high‑fidelity, automated detections and SOAR workflows.
- Intelligence Integration: Direct the consumption of tactical and strategic Threat Intelligence to proactively “harden” the environment before a known threat actor targets the industry.
- Force Multiplier: Elevate the entire SOC/DART capability by providing technical mentorship to L1 and L2 analysts. Responsible for the technical “QA” of the team’s investigative output.
- Tooling & Innovation: Evaluate and select next‑generation forensic and response technologies, driving the business case for new security investments.
- Post‑Incident Strategy: Lead the “Lessons Learned” process for major incidents, ensuring root causes result in fundamental shifts in the enterprise security posture.
- Experience: 8+ years in Cybersecurity, with at least 5 years in a dedicated Incident Response or DFIR role. Proven experience leading response efforts for a large‑scale enterprise or a top‑tier IR firm.
- Forensics: Solid understanding of deep‑system forensics (Memory, Disk, Network) and specialized experience in Cloud IR (Azure/AWS/O365).
- Nuix / Axiom Forensic Suite: Deep familiarity with enterprise forensic platforms (Nuix, Magnet AXIOM, EnCase) and the ability to guide L2 analysts.
- Adversary Knowledge: Expert‑level understanding of TTPs used by state‑sponsored and financially motivated threat actors.
- Coding for Defense: High proficiency in automation (Python, PowerShell) to build custom response scripts or API integrations between security tools.
- Advanced SANS: GCFA, GNFA, GREM, or GXPN.
- Leadership: CISSP‑ISSMP or GCIH.
- Decisiveness: Ability to make high‑value decisions with limited information during a live attack.
- Political Acumen: Skill in navigating the complexities of a large organization, working with Legal, Privacy, and Human Resources during sensitive investigations.
- Resilience: Unwavering composure during high‑stress, 24/7 incident cycles.
The anticipated salary range for this position is $168,000 to $195,000 at commencement of employment for the Jersey City, NJ and Woodland Hills, CA area. Candidates may be eligible for a discretionary bonus in accordance with the applicable incentive plan.
Work Location
Positions are based in Corebridge Financial’s Woodland Hills, CA; Jersey City, NJ; or Houston, TX offices and are subject to a hybrid working policy.
May include up to 25% travel.