AIG

Principal Lead Analyst, Detection & Response Team – DART



Posted 4/22/2026 • Full-time • Houston • New Jersey, Texas • United States • Senior • $168,000 - $195,000 per year

Tech Stack

Tools & technologies
AWS, Azure, Cloud, Cyber Security, Dart, Python

About the role

Key responsibilities & impact
  • Serve as the primary Incident Commander for all Tier 3/Critical-level events.
  • Direct the technical response across all workstreams (Forensics, Network, Cloud, Legal, and PR).
  • Act as the technical voice for executive leadership, translating complex exploit chains and technical risks into business-impact narratives for the C-Suite and Board of Directors.
  • Lead "Purple Team" exercises to test DART’s readiness against specific APT groups and real-world attack scenarios.
  • Design and oversee the organization’s long-term threat-hunting roadmap, ensuring coverage across the MITRE ATT&CK framework for Cloud (Azure/AWS), Identity, and On-Prem infrastructure.
  • Collaborate with engineering teams to ensure that hunt findings are converted into high-fidelity, automated detections and SOAR workflows.
  • Direct the consumption of tactical and strategic Threat Intelligence to proactively harden the environment before a known threat actor targets the industry.
  • Elevate the entire SOC/DART capability by providing technical mentorship to L1 and L2 analysts.

Requirements

What you’ll need
  • 8+ years in Cybersecurity, with at least 5 years in a dedicated Incident Response or DFIR role.
  • Proven experience leading response efforts for a large-scale enterprise or a top-tier IR firm (e.g., Mandiant, CrowdStrike).
  • Solid understanding of deep-system forensics (Memory, Disk, Network) and specialized experience in Cloud IR (Azure/AWS/O365).
  • Deep familiarity with enterprise forensic platforms (Nuix, Magnet AXIOM, EnCase) and the ability to guide L2 analysts in their usage.
  • Expert-level understanding of TTPs (Tactics, Techniques, and Procedures) used by both state-sponsored and financially motivated (Ransomware) threat actors.
  • High proficiency in automation (Python, PowerShell) to build custom response scripts or API integrations between security tools.
  • Preferred Certifications: Advanced SANS: GCFA (Forensics), GNFA (Network Forensics), GREM (Reverse Engineering Malware), or GXPN (Exploit Researcher).
  • Leadership: CISSP-ISSMP (Management) or GCIH (Incident Handler).

Benefits

Comp & perks
  • Health and Wellness: We offer a range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives to promote overall well-being.
  • Retirement Savings: We offer retirement benefits options, which vary by location. In the U.S., our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
  • Employee Assistance Program: Confidential counseling services and resources are available to all employees.
  • Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1, up to $5,000.
  • Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work.
  • Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.

ATS Keywords

Hard Skills & Tools
Incident Response, Digital Forensics, Threat Hunting, Automation, Cloud Incident Response, Tactics Techniques Procedures (TTPs), Memory Forensics, Disk Forensics, Network Forensics, API Integrations
Soft Skills
Leadership, Technical Mentorship, Communication, Collaboration, Strategic Thinking, Problem Solving, Technical Translation
Certifications
GCFA, GNFA, GREM, GXPN, CISSP-ISSMP, GCIH