External candidates: In order for your application to be correctly processed please sign-in before you apply
Internal candidates: Please go to Workday and click "Find Jobs" link under Career
Thank you for considering opportunities with us!
Job Title
Cyber Threat Intelligence Analyst - RemoteRequisition Number
R7811 Cyber Threat Intelligence Analyst - Remote (Open)Location
Arizona - Home TeleworkersAdditional Locations
Alabama - Home Teleworkers, Alabama - Home Teleworkers, Arkansas - Home Teleworkers, California - Home Teleworkers, Colorado - Home Teleworkers, Connecticut - Home Teleworkers, Delaware - Home Teleworker, District of Columbia - Home Teleworkers, Florida - Home Teleworkers, Georgia - Home Teleworkers, Idaho - Home Teleworkers, Illinois - Home Teleworkers, Indiana - Home Teleworkers, Iowa - Home Teleworkers, Kansas - Home Teleworker, Kentucky - Home Teleworkers, Louisiana - Home Teleworkers, Maine Home Teleworkers, Maryland - Home Teleworkers, Massachusetts - Home Teleworkers, Michigan - Home Teleworkers, Minnesota - Home Teleworkers, Mississippi - Home Teleworker, Missouri - Home Teleworker, Montana - Home Teleworkers {+ 21 more}Job Information
CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the leading personal lines property and casualty insurance groups in the United States. Here, every employee shapes our mission. We build innovative, human-centered solutions that help AAA members prevent, prepare for, and recover from life's uncertainties. You will join a collaborative, inclusive culture where your strengths have room to grow and your ideas can drive real impact. Step into a role where you can contribute to our shared success through meaningful work.
We are actively hiring for a Cyber Threat Intelligence Analyst - Remote
Your Role: We are seeking an experienced Cyber Threat Intelligence (CTI) Analyst to help mature the CSAA CTI program. This hands‑on role focuses on operationalizing the Threat Intelligence Platform (TIP), tracking priority threats, and delivering actionable, detection‑driven intelligence to security teams and leadership. The ideal person is a well‑rounded security professional who is comfortable working across teams, proactively identifying risk, and translating intelligence into prevention, detection, and response actions.
Your Work: The CSAA Cyber Threat Intelligence Team is responsible for identifying, analyzing, and tracking cyber threats that may impact the organization. We collect intelligence from a wide range of internal and external sources and use that information to understand threat actors, campaigns, vulnerabilities, and attacker tradecraft relevant to our environment.
The successful candidate will be responsible for analyzing and contextualizing threat intelligence, identifying potential risks, and supporting security operations through actionable insights. They will help improve insight into emerging threats, support investigative efforts, and contribute to the continued development and maturity of the CTI program.
Monitor and analyze intelligence from commercial, industry, and OSINT sources to track threat actors, campaigns, and vulnerabilities, and assess their relevance, impact, and risk to the organization
Maintain and use Threat Intelligence Platforms (TIP) and related tools to support intelligence operations, including ingestion, enrichment, tagging, and data quality
Integrate intelligence across security tools (SIEM, SOAR, case management) to support operations
Collect, enrich, and manage actionable IOCs to drive detection, blocking, and mitigation efforts across security operations
Provide real‑time intelligence context during investigations and incidents (e.g., adversary behavior, infrastructure, objectives)
Analyze vulnerability intelligence, including KEV listings and active exploitation trends, to support risk‑based vulnerability prioritization
Respond to ad hoc and time‑sensitive intelligence requests from stakeholders
Support threat hunting by developing indicators, behaviors, and hypotheses
Produce and deliver intelligence reports and briefings for technical and non‑technical audiences
Improve intelligence workflows, intake processes, RFIs, and documentation
6+ years of experience in Cyber Threat Intelligence, SOC, Incident Response, Threat Hunting, or related cybersecurity roles
Bachelor’s degree in computer science, Information Technology, or a related field, or an equivalent combination of education and experience
Deep experience operating and optimizing industry leading Threat Intelligence Platforms (TIPs)
Proven experience leveraging commercial threat intelligence providers such as Flashpoint, Recorded Future, Intel 471, ZeroFox, or comparable services to support operational intelligence requirements
Strong mastery of the intelligence lifecycle, with demonstrated ability to operationalize intelligence from collection through dissemination and action
Advanced working knowledge of the MITRE ATT&CK framework, with experience applying it to threat analysis, detection engineering, and reporting
Demonstrated experience managing and enriching IOCs, with a focus on translating intelligence into measurable detection, blocking, and mitigation outcomes
Solid understanding of SIEM, SOAR, EDR, and case management platforms, and how intelligence integrates into and enhances investigative workflows
Experience analyzing vulnerability and exploit intelligence to assess real‑world risk, likelihood of exploitation, and potential business impact
Strong written and verbal communication skills, with the ability to clearly articulate complex threat and risk concepts to both technical and non‑technical stakeholders
What would make us excited about you?
A teammate who values collaboration and knowledge sharing
Ability to think critically and operate effectively in ambiguous or evolving situations
Strong communication skills
A strong passion for continuous learning, with curiosity to stay current on emerging threats, techniques, and evolving security trends
A self‑starter who takes initiative, operates effectively with minimal direction, and proactively sees opportunities to improve security outcomes
Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
Travels as needed for role, including divisional / team meetings and other in-person meetings
Fulfills business needs, which may include investing extra time, helping other teams, etc
Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska.
Why Choose a Career at CSAA IG?
At CSAA IG, we are a mission-driven organization proudly committed to empowering our members, our employees, and our communities to thrive.
Recognition: We offer a total compensation package, annual bonus eligibility for most roles, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaainsurance.aaa.com/us/en/benefits.
Career Growth: We believe in growth for everyone. Here at CSAA IG, leaders and mentors partner with employees to align interests, unlock development opportunities, and support long‑term success.
Flexible Workplace: We embrace a remote-first culture through our Flexible Workplace. Most employees hold Home-Flex roles, working primarily from home, often with the flexibility to work from various locations including CSAA offices. Our flexible workplace empowers you to balance remote work with intentional in‑person moments that deepen connection and collaboration.
Inclusion and Belonging: An inclusive and welcoming workplace is the cornerstone of our success. By fostering an environment where people feel valued and heard, we deepen our ability to understand and meet the unique needs of our members. This strengthens innovation and enhances our products and services, giving us a competitive edge in the market.
Sustainability: As climate change leads to more frequent and severe weather events, we are taking bold action to build more resilient communities and reduce our environmental impact. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us.
CSAA is committed to providing reasonable accommodations to qualified applicants and employees with disabilities or other limitations. If you would like to request an accommodation to participate in the job application or interview process, please contact [email protected]
If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary/hourly rate range based on your location. Factors used to determine the actual salary offered may include location, experience, or education.
CSAA does not provide visa sponsorship for this role. Applicants must have authorization to work indefinitely in the US. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.).
CSAA Insurance Group is an equal opportunity employer.
#LI-SB1
.
The national average salary range for this position is $122,850.00-$136,500.00. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on work location. The starting pay range for this position across all the states we hire in is $122,850.00-$164,000.00. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 10% of eligible pay.This job posting will be unposted on Fri, 31 Jul 2026.Skills Required
- 6+ years of experience in Cyber Threat Intelligence, SOC, Incident Response, Threat Hunting, or related cybersecurity roles
- Bachelor's degree in computer science, Information Technology, or related field, or equivalent combination of education and experience
- Deep experience operating and optimizing Threat Intelligence Platforms (TIPs)
- Proven experience leveraging commercial threat intelligence providers (Flashpoint, Recorded Future, Intel 471, ZeroFox, or comparable)
- Strong mastery of the intelligence lifecycle and ability to operationalize intelligence from collection through dissemination and action
- Advanced working knowledge of the MITRE ATT&CK framework and applying it to analysis and detection engineering
- Demonstrated experience managing and enriching IOCs to support detection, blocking, and mitigation
- Solid understanding of SIEM, SOAR, EDR, and case management platforms and their integration with intelligence
- Experience analyzing vulnerability and exploit intelligence (including KEV listings) to support risk-based vulnerability prioritization
- Strong written and verbal communication skills for technical and non-technical audiences
- Collaborative team player who values knowledge sharing and continuous learning
- Ability to think critically and operate effectively in ambiguous or evolving situations
- Self-starter who operates effectively with minimal direction and proactively improves security outcomes
- Willingness to travel as needed for team/divisional in-person meetings
CSAA Insurance Group Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about CSAA Insurance Group and has not been reviewed or approved by CSAA Insurance Group.
-
Fair & Transparent Compensation — Pay is considered good or competitive across many roles, with base compensation often viewed as solid for the work. Feedback suggests overall compensation feels stronger when flexibility and attainable bonuses are part of the package.
-
Retirement Support — 401(k) matching and annual profit sharing, with immediate vesting, are highlighted as meaningful strengths in total rewards. Tuition reimbursement and student‑loan support further reinforce the company’s financial well‑being focus.
-
Leave & Time Off Breadth — Flexible Time Off or PTO, multiple paid company holidays, and dedicated paid enrichment time create a robust time‑off mix. A largely remote, flexible workplace helps employees make practical use of these benefits.
CSAA Insurance Group Insights
What We Do
Why we're forever forward -- At CSAA IG, one thing will always endure: our commitment to excellence in everything we do for our members, employees and communities. As insurance industry leaders, we know things can change in an instant. It’s why we’re here. We’re not afraid of change. We welcome it and use it to advance the cause. For employees, our cause is to become ever more inclusive and supportive of their goals and contributions. For our AAA Members, it’s finding new ways to help them prevent, prepare for and recover from whatever comes. For our communities, it’s exploring new ways of helping them meet evolving challenges. Whatever may happen, change becomes progress at CSAA IG. Benefits for today and for your future -- Benefits at CSAA IG represent our commitment to protect our employees by providing for their needs today and helping them prepare for a more secure future. Our suite of benefits is designed to provide for your physical, mental, social and financial health. Our sense of belonging keeps us together -- Belonging is the feeling of being welcomed and accepted for who you are and the qualities you bring. It’s knowing you’re heard and valued as an individual and employee. At CSAA IG, we share a strong sense of purpose and a hunger for adventure. Change should always be expected, but can’t always be predicted. Whatever happens, we remain true to our beliefs and clear on our purpose. We meet change head on and grow from each experience. A promise to act -- Life is uncertain, but we are not. When our AAA Members need us, we know how to move with the speed, expertise and confidence they rely on.








