IT Security Incident Commander – Open to Remote

About the job

Madison, WI (Remote Work)

At American Family Insurance, we believe people are an organization’s most valuable asset, and their ideas and experiences matter. From our CEO to our agency force, we’re committed to growing a diverse and inclusive culture that empowers innovation that will inspire, protect, and restore our customers’ dreams in ways never imagined.

American Family Insurance is driven by our customers and employees. That’s why we provide more than just a job – we provide opportunity. Whether you’re already part of our team in search of a new challenge or new to our company and ready for what’s next, you’re in the right place. Every dream is a journey that starts with a single step. Start your journey right here. Join our team. Bring your dreams.

Job ID: R27684 IT Security Incident Commander – Open to Remote (Open)

Compensation may vary based on the job level and your geographic work location.

Compensation Minimum: $68,200

Compensation Maximum: $144,500

Summary: The Cyber Security Incident Commander investigates, analyzes, and responds to cyber incidents within the Enterprise Cyber Environment. They will collect intrusion artifacts (e.g., source code, malware, trojans) and use the discovered data to enable mitigation of potential cyber incidents within the enterprise. Provides leadership and expertise on emerging cyber threats and actionable intelligence. The role is responsible for managing and leading enterprise teams to contain and eradicate malicious behavior, and for leading follow-up conversations to ensure we maintain customer trust and protect the brand. This role provides 24x7x365 support coverage, meaning each team member participates in an on-call rotation.

Job Description

Job Description – Primary Accountabilities

  • Lead large, complex CSIRP activities
  • Perform incident triage, including determining scope, urgency and potential impact; identify the specific vulnerabilities involved and make recommendations that enable expedited remediation
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Serve as a technical expert and liaison to law enforcement personnel and other internal teams, and explain incident details as required
  • Track and document incidents from initial detection through final resolution and closure
  • Write and publish after-action reviews
  • Research and analyze emerging cyber threats and threat intelligence from a number of sources and relevant cyber-intelligence feeds; contextualize findings to the company's specific business risks and vulnerabilities.
  • Monitors sources and feeds for indicators of information security threats and analyzes such threats to provide actionable intelligence.
  • Act as a point of escalation for Security investigations and Incidents to provide guidance and oversight on incident resolution and containment techniques
  • Rapidly cycle through discovering gaps, identifying solutions, and developing simplified approaches for delivering and integrating security solutions into the security and IT ecosystems
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

Security Research and Development

  • Maintaining ongoing knowledge of cyber threat actors and their tools, techniques and procedures.
  • Develops technical proofs of concept for attacks involving web applications, mobile applications, networks, hardware, Internet of Things devices and social engineering.
  • Conduct threat hunting exercises.
  • Simulate real-world attacks on company assets to uncover defensive control weaknesses
  • Continually enhances skills and builds knowledge in all aspects of the organization, the business and its information systems
  • Uncovering the unknown about cyber security threats and threat actors.

Cyber Security Leadership

  • Interfacing with other teams in information security (security operations, incident response and vulnerability management) along with information risk officers and technology management to help guide cyber security strategy.
  • Drives reduction of high-risk vulnerabilities by regularly communicating with stakeholders and management.
  • Provides direction and thought leadership in the cyber security and threat landscape space.
  • Interface with business units to bring business context to cyber security threat management practices, security controls and threat reporting, as needed
  • Researches and communicates needed configuration standards in response to ever changing threat landscape. Demonstrates innovation and agility in the mitigation of data exposure.
  • Partner with Information Security Operations to provide leadership and support in the areas of Threat analysis, Cyber defense techniques and approaches
  • Interface with affiliates, industry peers, government and law enforcement organizations as appropriate to acquire and share information
  • Provides direction, expertise, feedback, coaching and development to build the capability of more junior staff
  • Provide expert analytic investigative support of large scale and complex security incidents

Travel Requirements

  • This position requires travel up to 10% of the time.

Specialized Knowledge & Skills Requirements

  • Demonstrated experience providing customer-driven solutions, support or service
  • Basic knowledge and understanding of software engineering architectures, system/software designs, and system deployments
  • Basic knowledge and understanding of Cyber Security, Cyber Engineering, Computer Science, Software Engineering
  • Basic knowledge and understanding of security technologies and application development methodologies.
  • Demonstrated experience performing cyber threat analysis and incident response. Working knowledge of penetration testing.
  • Solid knowledge and understanding of directory services and identity stores.

Education & Licenses

  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent work experience.

Additional Job Information:

We are open to hiring at various levels across the job family, so we welcome candidates with a couple of years' experience or more.

The selected candidate would ideally be familiar/experienced with the following:

  • * Knowledge of computer networking concepts and protocols, and network security methodologies.
  • * Knowledge of cyber threats and vulnerabilities.
  • * Knowledge of cybersecurity principles.
  • * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • * Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of basic system administration, network, and operating system hardening techniques.
  • Knowledge of cloud service models and possible limitations for an incident response.
  • Knowledge of cyber defense policies, procedures, and regulations.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation-state sponsored], and third generation [nation-state sponsored]).
  • Knowledge of disaster recovery and continuity of operations plans.
  • Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of how network services and protocols interact to provide network communications.
  • Knowledge of incident categories, incident responses, and timelines for responses.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
  • Knowledge of malware analysis concepts and methodologies.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, malicious code).
  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Skill in performing damage assessments.
  • Skill in preserving evidence integrity according to standard operating procedures or national standards.
  • Skill in protecting a network against malware.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in securing network communications.
  • Skill in using security event correlation tools.
  • Skill in identifying, capturing, containing, and reporting malware.
  • Knowledge of an organization’s information classification program and procedures for information compromise.
  • Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
  • Knowledge of host/network access control mechanisms (e.g., access control list).
  • Knowledge of network traffic analysis methods.
  • Knowledge of packet-level analysis.
  • Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

KSAs designated with asterisk (*) reflect basic types of knowledge for cyber professionals and are applied across all work roles.

  • Offer to selected candidate will be made contingent on the results of applicable background checks
  • Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions
  • We are open to remote candidates (anywhere in the USA)

When you work at American Family you can expect benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, and a paid-time-off program. In addition, our student loan repayment program and paid family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Enterprise benefits.

We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

Stay connected: Join Our Enterprise Talent Community!

Posted 4 days ago | Full time | R27684

At American Family Insurance, we know how hard our customers and employees work to achieve their dreams. That’s why, for over 90 years, we’ve made it our mission to protect those dreams. It’s all part of who we are and who we’ll always be – innovative, caring, agile, trustworthy, transparent and passionate. We’re a strong, forward-looking company and a proven leader in our industry. And if you’re looking to make a difference, we’re looking for you.
