Principal Lead Analyst, Detection & Response Team; DART
Listed on 2026-07-01
IT/Tech
Cybersecurity
Principal Lead Analyst of DART
At Corebridge Financial, we believe action is everything. That's why every day we partner with financial professionals and institutions to make it possible for more people to take action in their financial lives, for today and tomorrow. We align to a set of Values that are the core pillars that define our culture and help bring our brand purpose to life:
- We are stronger as one: We collaborate across the enterprise, scale what works and act decisively for our customers and partners.
- We deliver on commitments: We are accountable, empower each other and go above and beyond for our stakeholders.
- We learn, improve and innovate: We get better each day by challenging the status quo and equipping ourselves for the future.
- We are inclusive: We embrace different perspectives, enabling our colleagues to make an impact and bring their whole selves to work.
The Information Technology organization is the technological foundation of our business and works in collaboration with our partners from across the company. The team drives technology and digital transformation, partners with business leaders to design and execute new strategies through IT and operations services and ensures the necessary IT risk management and security measures are in place and aligned with enterprise architecture standards and principles.
About The Role
As the Principal Lead Analyst of DART, you are the ultimate technical authority for cyber defense and incident response. This is a high-impact leadership role that combines elite-level technical expertise with strategic vision. You will oversee the most complex security breaches, drive the evolution of our threat-hunting program, and mentor the next generation of responders. You are responsible for ensuring that the organization is not just "ready" for a crisis, but resilient enough to withstand one.
This role partners closely with Cyber Intelligence, Defense and Response, Application Security, and Cyber Resilience teams, and supports incident response efforts as an expert resource on adversarial capabilities.
Responsibilities
- Strategic Incident Command (Major Incidents)
  - Incident Commander: Serve as the primary Incident Commander for all Tier 3/Critical-level events. You will direct the technical response across all work streams (Forensics, Network, Cloud, Legal, and PR).
  - Crisis Communication: Act as the technical voice for executive leadership. You must be able to translate complex exploit chains and technical risks into business-impact narratives for the C-Suite and Board of Directors.
  - Adversary Emulation: Lead "Purple Team" exercises to test DART's readiness against specific APT (Advanced Persistent Threat) groups and real-world attack scenarios.
- Advanced Detection & Hunting Strategy
  - Threat Hunting Architecture: Design and oversee the organization's long-term threat-hunting roadmap, ensuring coverage across the MITRE ATT&CK framework for Cloud (Azure/AWS), Identity, and On-Prem infrastructure.
  - Detection Engineering Oversight: Collaborate with engineering teams to ensure that hunt findings are converted into high-fidelity, automated detections and SOAR (Security Orchestration, Automation, and Response) workflows.
  - Intelligence Integration: Direct the consumption of tactical and strategic Threat Intelligence to proactively "harden" the environment before a known threat actor targets the industry.
- Technical Leadership & Mentorship
  - Force Multiplier: Elevate the entire SOC/DART capability by providing technical mentorship to L1 and L2 analysts. You are responsible for the technical "QA" of the team's investigative output.
  - Tooling & Innovation: Evaluate and select next-generation forensic and response technologies. You will drive the business case for new security investments.
  - Post-Incident Strategy: Lead the "Lessons Learned" process for major incidents, ensuring that root causes result in fundamental shifts in the enterprise security posture.
Skills and Qualifications
Technical Requirements
- Experience: 8+ years in Cybersecurity, with at least 5 years in a dedicated Incident Response or DFIR role. Proven experience leading response efforts for a large-scale enterprise or a…