Overview

This is a remote position that can be hired in NC, AZ, TX, and VA.

This position supports the Bank's Information Security and Cyber Threat management programs at the highest level of complexity and expertise. Leads the analysis and mitigation of threats identified within the Bank's networks and systems. Ensures that team reporting is timely, accurate, and escalated as necessary to provide actionable intelligence for cyber defense efforts. Develops process improvements and technical solutions that address the identified gaps or deficiencies. Drives the defense of the organization's information security and technological architecture through expert consultation and threat mitigation. Serves as a resource to team members and management on security threats, industry trends, and other relevant intelligence. Leads projects within the work group and resolves escalated, high-risk issues.

Responsibilities

The role will focus on detection engineering, leveraging advanced security tools and frameworks to enhance their threat detection capabilities. The ideal candidate will have deep expertise in SIEM log analysis and detection development, in-depth knowledge of security controls, and strong communication skills to collaborate across IT and enterprise monitoring teams.

Key Responsibilities:

• Perform in-depth analysis of security events and detections from SIEM and EDR platforms.
• Review and recommend improvements to security policies and detection strategies across security tools.
• Assist with log analysis for critical applications, ensuring proper field capture and normalization.
• Collaborate with IT teams and application owners to identify gaps and implement detection enhancements.
• Apply MITRE ATT&CK framework to strengthen detection coverage and threat modeling.
• Document findings, recommendations, and detection logic clearly and concisely.

Qualifications

Bachelor's Degree and 8 years of experience in Information security OR High School Diploma or GED and 12 years of experience in Information security

• Proven experience in detection engineering within cybersecurity operations.
• Strong proficiency in Splunk (Power User level or higher); Splunk administration experience preferred.
• Hands-on experience with security tools such as CrowdStrike, UEBA, and database monitoring solutions.
• Familiarity with SIEM and EDR analysis methodologies.
• Working knowledge of the MITRE ATT&CK framework.
• Excellent communication and organizational skills; ability to guide application owners through technical requirements.

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.