Senior Cyber Security Engineer - SIEM and Automation

Who We Are

At Corebridge Financial, we believe action is everything. That's why every day we partner with financial professionals and institutions to make it possible for more people to take action in their financial lives, for today and tomorrow.

We align to a set of Values that are the core pillars that define our culture and help bring our brand purpose to life:

• We are stronger as one: We collaborate across the enterprise, scale what works and act decisively for our customers and partners.
• We deliver on commitments: We are accountable, empower each other and go above and beyond for our stakeholders.
• We learn, improve and innovate: We get better each day by challenging the status quo and equipping ourselves for the future.
• We are inclusive: We embrace different perspectives, enabling our colleagues to make an impact and bring their whole selves to work.

Who You'll Work With

The Information Technology organization is the technological foundation of our business and works in collaboration with our partners from across the company. The team drives technology and digital transformation, partners with business leaders to design and execute new strategies through IT and operations services and ensures the necessary IT risk management and security measures are in place and aligned with enterprise architecture standards and principles.


About The Role

We are seeking a highly skilled Senior Cyber Security Engineer - SIEM and Automation to lead and enhance our detection engineering capabilities. This role is responsible for developing high-fidelity use cases, optimizing logging strategies, integrating security tools, and tuning alerts to improve signal-to-noise ratio.


You will work closely with Security Operations, Threat Intelligence, and Engineering teams to ensure our SIEM platform delivers actionable insights and supports rapid incident detection and response.

Responsibilities

• Use Case Development
  • Design, develop, and maintain SIEM detection use cases aligned with MITRE ATT&CK and threat intelligence
  • Translate threat scenarios into actionable detection logic and correlation rules
  • Continuously improve detection coverage through gap analysis and adversary simulation insights
• Logging & Data Analysis
  • Define and implement logging requirements across cloud, endpoint, network, and application layers
  • Analyze log sources to ensure data quality, normalization, and completeness
  • Identify gaps in telemetry and recommend improvements to enhance visibility
• Tool Integration & Data Onboarding
  • Integrate new data sources into the SIEM (e.g., EDR, IAM, firewall, SaaS platforms)
  • Work with engineering teams to onboard logs using APIs, agents, and log pipelines
  • Ensure proper parsing, enrichment, and normalization of ingested data
• Alert Tuning & Optimization
  • Reduce false positives through continuous alert tuning and threshold optimization
  • Implement risk-based alerting and prioritization strategies
  • Collaborate with SOC analysts to refine detection logic based on incident feedback
• SIEM Platform Engineering
  • Maintain and optimize SIEM performance, scalability, and cost efficiency
  • Develop dashboards, reports, and visualizations for operational and leadership insights
  • Support automation and orchestration efforts with SOAR integrations where applicable
• Collaboration & Continuous Improvement
  • Partner with Threat Intelligence to operationalize indicators and emerging threats
  • Support incident response investigations with log analysis and detection enhancements
  • Stay current with evolving attack techniques and detection methodologies

Skills and Qualifications

Technical Requirements

• Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience)
• 3-7+ years of experience in SIEM engineering, detection engineering, or security operations
• Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, Elastic)
• Strong understanding of log sources (Windows, Linux, cloud platforms, network devices)
• Experience with query languages (e.g., SPL, KQL, Lucene, SQL)
• Knowledge of MITRE ATT&CK framework and adversary tactics/techniques
• Experience onboarding and parsing diverse data sources

Preferred Qualifications

• Experience with SOAR platforms and security automation
• Familiarity with cloud environments (AWS, Azure, GCP) and their native logging tools
• Scripting or programming skills (Python, PowerShell, etc.)
• Experience with detection-as-code and version control practices
• Security certifications (e.g., GCIA, GCIH, CISSP, Splunk Certified, Microsoft SC-200)

Skills & Competencies

• Strong analytical and problem-solving skills
• Ability to balance detection fidelity with operational efficiency
• Effective communication and collaboration across technical teams
• Continuous learning mindset with a focus on threat-driven defense

Compensation :

The anticipated salary range for this position is $168,000 to $195,000 at the commencement of employment for the Jersey City, NJ and Woodland Hills, CA area. Not all candidates will be eligible for the upper end of the salary range. The actual compensation offered will ultimately be dependent on multiple factors, which may include the candidate's geographic location, skills, experience and other qualifications.

In addition, the position is eligible for a discretionary bonus in accordance with the terms of the applicable incentive plan.

Corebridge also offers a range of competitive benefits as part of the total compensation package, as detailed below.

Work Location

This position is based in Corebridge Financial's Woodland Hills, CA, Jersey City, NJ, or Houston, TX office and is subject to our hybrid working policy, which gives colleagues the benefits of working both in an office and remotely.

Estimated Travel

May include up to 25%.

#LI-SAFG #LI-CW1 #LI-Hybrid

Why Corebridge?

At Corebridge Financial, we prioritize the health, well-being, and work-life balance of our employees. Our comprehensive benefits and wellness program is designed to support employees both personally and professionally, ensuring that they have the resources and flexibility needed to thrive.

Benefit Offerings Include:

• Health and Wellness: We offer a range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives to promote overall well-being.
• Retirement Savings: We offer retirement benefits options, which vary by location. In the U.S., our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
• Employee Assistance Program: Confidential counseling services and resources are available to all employees.
• Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1, up to $5,000.
• Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work.
• Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.

Eligibility for and participation in employer-sponsored benefit plans and Company programs will be subject to applicable law, governing Plan document(s) and Company policy.

We are an Equal Opportunity Employer

Corebridge Financial, is committed to being an equal opportunity employer and we comply with all applicable federal, state, and local fair employment laws. All applicants will be considered for employment based on job-related qualifications and without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, neurodivergence, age, veteran status, or any other protected characteristic. The Company is also committed to compliance with all fair employment practices regarding citizenship and immigration status. At Corebridge Financial, we believe that diversity and inclusion are critical to building a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our colleagues are respected as individuals and valued for their unique perspectives.

Corebridge Financial is committed to working with and providing reasonable accommodations to job applicants and employees, including any accommodations needed on the basis of physical or mental disabilities or sincerely held religious beliefs. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to View email address on click.appcast.io. Reasonable accommodations will be determined on a case-by-case basis, in accordance with applicable federal, state, and local law.

We will consider for employment qualified applicants with criminal histories, consistent with applicable law.

To learn more please visit:

Functional Area:

IT - Information Technology

Estimated Travel Percentage (%): Up to 25%

Relocation Provided: No

American General Life Insurance Company