Technical Incident Response Analyst - Hybrid (IL)

Job Description

First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida.  As the largest privately held bank in Illinois, we now have over 60 locations and assets of $8+ billion.  We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy.  Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century.  First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations. 

The Technical Incident Response Analyst is responsible for monitoring, analyzing, and responding to cybersecurity alerts and incidents across enterprise infrastructure and security platforms. This role serves as a primary investigator for security events, ensuring timely detection, containment, remediation, documentation, and escalation of incidents in alignment with established incident response playbooks, regulatory requirements, and internal controls.

The position combines real‑time alert monitoring, technical investigation, firewall and configuration change validation, and execution of defined recurring operational tasks to maintain a strong security posture across the organization.

DUTIES & RESPONSIBILITES

• Monitor and respond to cybersecurity alerts generated from SIEM provider dashboards and security monitoring platforms.
• Investigate, remediate, and document security incidents reported through automated alerts, tickets, emails, phone calls, or external SOC notifications.
• Act as the primary investigator for potential security incidents identified by SOC analysts or monitoring tools.
• Follow documented incident response playbooks while exercising sound judgment to contain and remediate threats.
• Investigate phishing emails, user‑reported security concerns, and potential attempts at fraud or financial loss.
• Review authentication, endpoint, network, and application activity for anomalous or malicious behavior.
• Analyze firewall logs, IDS alerts, intrusion prevention activity, anti‑malware events, server logs, and application logs.
• Monitor intrusion detection systems, for indicators of compromise or suspicious activity.
• Correlate data across SIEM, IDS, endpoint, and firewall platforms to support incident investigations.
• Perform log reviews using standardized incident response and log review templates.
• Perform reconciliation of firewall rule and configuration changes.
• Validate that all changes are authorized, approved, and compliant with change management and security policies.
• Identify unauthorized or out‑of‑policy changes and escalate violations as required

Execute daily, weekly, and periodic tasks defined in the Incident Response recurring task schedule, including:

         Reviewing Microsoft Defender security incidents and assigning or resolving alerts.         

         Reviewing external SOC (e.g., Proficio) incident tickets to ensure proper closure.

         Reviewing SIEM and Kibana dashboards for authentication failures and other abnormal activity.

         Validating completion and documenting evidence through screenshots and reports.

• Document incident activity, evidence, analysis, and remediation actions in an audit‑ready manner.
• Communicate incident status clearly to Information Security leadership, infrastructure teams, and management.
• Provide incident reporting suitable for internal audit, regulatory examination, and compliance reviews.
• Track incidents end‑to‑end to ensure timely closure and proper documentation.
• Participate in SOC and security working group sessions to improve detection rules and reduce false positives.
• Review and update automated alerts and incident response playbooks for accuracy and effectiveness.
• Collaborate with networking, systems, endpoint, and application teams during investigations.

QUALIFICATIONS

• Minimum of three years of experience directly related to incident response, security monitoring, or cybersecurity operations.
• Hands‑on experience with SIEM platforms, incident response tooling, and alert monitoring solutions.
• Experience with firewall technologies, network security concepts, and endpoint protection platforms.
• Experience performing log analysis and incident investigations across multiple data sources.
• Exposure to Linux operating systems preferred.

Working knowledge of:

         SIEM and security monitoring platforms

         Firewalls, TCP/IP networking, LAN/WAN infrastructure

         Endpoint protection and anti‑malware solutions

         IDS/HIDS platforms

         Microsoft 365 security tools

• Demonstrated ability to reconcile configuration changes and validate security controls.
• Qualified military veterans are encouraged to apply.
• Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to tailor the message appropriately to the audience and situation effectively.
• Ability to relay technical information to both technical and non-technical personnel.
• Ability to write technical documentation.
• Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
• Maintain credibility through professional demeanor, appearance, and presence by modeling standards appropriate to our environment and industry.
• Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
• Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
• Proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
• Proficiency in Network Management and Firewalls, Servers, TCP/IP Schema, Remote Access Solutions, & NFS/ISCCI/CIFS networking/storage interdependencies.
• Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows as a result of system upgrades. 
• Occasional travel to other First American Bank locations, Bank functions, and training facilities may be required.
• Typical schedule is Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
• Rotational Saturday work and off-hours on-call availability.
• Punctuality is required to maintain First American Bank’s customer service standards.

Responsibilities

First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida.  As the largest privately held bank in Illinois, we now have over 60 locations and assets of $8+ billion.  We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy.  Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century.  First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations. 
 
The Technical Incident Response Analyst is responsible for monitoring, analyzing, and responding to cybersecurity alerts and incidents across enterprise infrastructure and security platforms. This role serves as a primary investigator for security events, ensuring timely detection, containment, remediation, documentation, and escalation of incidents in alignment with established incident response playbooks, regulatory requirements, and internal controls.
 
The position combines real‑time alert monitoring, technical investigation, firewall and configuration change validation, and execution of defined recurring operational tasks to maintain a strong security posture across the organization.
 
DUTIES & RESPONSIBILITES
- Monitor and respond to cybersecurity alerts generated from SIEM provider dashboards and security monitoring platforms.
- Investigate, remediate, and document security incidents reported through automated alerts, tickets, emails, phone calls, or external SOC notifications.
- Act as the primary investigator for potential security incidents identified by SOC analysts or monitoring tools.
- Follow documented incident response playbooks while exercising sound judgment to contain and remediate threats.
- Investigate phishing emails, user‑reported security concerns, and potential attempts at fraud or financial loss.
- Review authentication, endpoint, network, and application activity for anomalous or malicious behavior.
- Analyze firewall logs, IDS alerts, intrusion prevention activity, anti‑malware events, server logs, and application logs.
- Monitor intrusion detection systems, for indicators of compromise or suspicious activity.
- Correlate data across SIEM, IDS, endpoint, and firewall platforms to support incident investigations.
- Perform log reviews using standardized incident response and log review templates.
- Perform reconciliation of firewall rule and configuration changes.
- Validate that all changes are authorized, approved, and compliant with change management and security policies.
- Identify unauthorized or out‑of‑policy changes and escalate violations as required
Execute daily, weekly, and periodic tasks defined in the Incident Response recurring task schedule, including:
 
         Reviewing Microsoft Defender security incidents and assigning or resolving alerts.         
         Reviewing external SOC (e.g., Proficio) incident tickets to ensure proper closure.
         Reviewing SIEM and Kibana dashboards for authentication failures and other abnormal activity.
         Validating completion and documenting evidence through screenshots and reports.
- Document incident activity, evidence, analysis, and remediation actions in an audit‑ready manner.
- Communicate incident status clearly to Information Security leadership, infrastructure teams, and management.
- Provide incident reporting suitable for internal audit, regulatory examination, and compliance reviews.
- Track incidents end‑to‑end to ensure timely closure and proper documentation.
- Participate in SOC and security working group sessions to improve detection rules and reduce false positives.
- Review and update automated alerts and incident response playbooks for accuracy and effectiveness.
- Collaborate with networking, systems, endpoint, and application teams during investigations.
 
QUALIFICATIONS
- Minimum of three years of experience directly related to incident response, security monitoring, or cybersecurity operations.
- Hands‑on experience with SIEM platforms, incident response tooling, and alert monitoring solutions.
- Experience with firewall technologies, network security concepts, and endpoint protection platforms.
- Experience performing log analysis and incident investigations across multiple data sources.
- Exposure to Linux operating systems preferred.
Working knowledge of:
 
         SIEM and security monitoring platforms
         Firewalls, TCP/IP networking, LAN/WAN infrastructure
         Endpoint protection and anti‑malware solutions
         IDS/HIDS platforms
         Microsoft 365 security tools
- Demonstrated ability to reconcile configuration changes and validate security controls.
- Qualified military veterans are encouraged to apply.
- Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to tailor the message appropriately to the audience and situation effectively.
- Ability to relay technical information to both technical and non-technical personnel.
- Ability to write technical documentation.
- Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
- Maintain credibility through professional demeanor, appearance, and presence by modeling standards appropriate to our environment and industry.
- Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
- Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
- Proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
- Proficiency in Network Management and Firewalls, Servers, TCP/IP Schema, Remote Access Solutions, & NFS/ISCCI/CIFS networking/storage interdependencies.
- Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows as a result of system upgrades. 
- Occasional travel to other First American Bank locations, Bank functions, and training facilities may be required.
- Typical schedule is Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
- Rotational Saturday work and off-hours on-call availability.
- Punctuality is required to maintain First American Bank’s customer service standards.