Job Description

About Us

Finance of America helps homeowners 55+ access the equity they’ve built while staying in full control of their home and their financial future. Through a range of reverse mortgage solutions, we help customers shape the retirement they’ve earned while continuing to evolve how we serve and work together.

Joining Finance of America now means stepping into a period of momentum and growth, with teams actively shaping what comes next and opportunities to make an impact and grow your career.

To learn more about us, visit www.financeofamerica.com

Purpose of Role

Responsible for conducting deep investigations into security events, correlating data across multiple platforms, and leading incident response activities for moderate-complexity threats. Refines detection logic, improves SOC workflows, and provides guidance to Level I analysts while serving as a technical escalation point.

Key Responsibilities and Expectations

• Utilizes Crowdstrike, Azure/M365, Elastic/Kibana, and other enterprise tooling to correlate events across multiple data sources to identify patterns and emerging threats.
• Leads investigations for escalated alerts involving endpoints, cloud identity, authentication, and network telemetry.
• Performs containment actions such as host isolation, token revocations, and malicious rule quarantines following established Incident Response procedures and playbooks.
• Reviews and tunes detections, lenses, dashboards, and alerts thresholds to reduce false positives and improve actionable intelligence.
• Participates in threat hunting missions and proposes hypotheses based on telemetry gaps or unusual environmental behavior.
• Contributes to playbook updates, new runbook/playbook creations, and continuous improvement of SOC operations.
• Documents incident timelines, root causes, and recommended mitigations for larger organizational teams.
• Maintains awareness of current threats, attack techniques, and organizational security policies.
• Provides timely communication to senior analysts regarding suspicious activity, potential incidents, and operational risks.
• Follows SOC procedures for incident response, containment actions, and enhanced monitoring tasks.
• Participates in shift turnover briefings, contributes to daily operational reporting, and ensures accurate case hand-off.
• Protects sensitive information and maintains strict confidentiality in all SOC work.
• Performs other duties as assigned.

Reports To

• Director, Security Operations Center

Qualifications - Experience/Skills/Competencies

• Minimum 3 years experience in cyber security analysis or a related role.
• Foundational understanding of networking, operating systems, and security principles.
• Strong knowledge of security event triage, threat indicators, and common attack techniques (MITRE ATT&CK familiarity preferred).
• Experience and working knowledge in: Azure/M365 Security (Entra ID sign-ins, Defender alerts, Audit Logs, Conditional Access), CrowdStrike Falcon (detections, host overview, process trees, investigations), Elastic / Kibana (search queries, dashboards, lenses, detection alerts), JIRA (ticket management, documentation, workflow transitions), and Endpoint/Network Security Fundamentals.
• Experience performing incident containment and coordinating with IT or cloud engineering teams.
• Ability to read and interpret logs from endpoints, cloud systems, email security tools, and authentication platforms.
• Basic understanding of Windows and Linux system behaviors, processes, and common administrative commands.
• Familiarity with phishing indicators, malware behaviors, user account anomalies, and suspicious network activity.
• Ability to research new technologies, techniques, tactics, and incorporate that information into analytical processes.
• Strong analytical thinking and problem-solving skills, including ability to follow playbooks accurately.
• Ability to work in a fast-paced 24/7 SOC environment with shifting priorities and time-sensitive responses.
• Clear written communication for documenting investigations and summarizing findings.
• High attention to detail and disciplined adherence to procedures and evidence-handling standards.
• Willingness to learn new tools, techniques, and detection methods, including shadowing senior analysts and participating in training.
• Ability to work collaboratively with IT, security engineering, incident response, and management teams.
• Ability to multitask, work on multiple events, and communicate with other team members virtually.
• Ability to take initiative, work autonomously, and complete tickets as prioritized.

Qualifications - Education - Required

• Bachelor's Degree or comparable qualifications

Qualifications - Education - Field(s)/Profession(s)

• Cybersecurity, Information Technology, Computer Science, or related field.
• Equivalent technical certification or hands-on experience (e.g., Security+, CySA+, CCNA CyberOps, or similar).

Qualifications - Education - Preferred

• Scripting for automation or enrichment (Python, Powershell), Intermediate cloud security experience, Certifications (CySA+).

Compensation

The base salary range for this position is ($80,000 - $130,000) inclusive of all geographical differences in the labor market. The base salary for the position will be determined based on factors such as the candidate’s work location, skills, education, and experience. In addition to those factors, we believe in the importance of pay equity and consider the internal equity of our current team members in determining any final offer. We offer a competitive benefits package including health, dental, vision, life insurance, paid time-off benefits, flexible spending account, 401(k) with employer match, and ESPP.

Additional Information

The application deadline for this job opportunity is 7/1/2026.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

Finance of America is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex (including pregnancy), sexual orientation, religion, creed, age, national origin, physical or mental disability, gender identity and/or expression, marital status, veteran status or other characteristics protected by law.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

Finance of America is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex (including pregnancy), sexual orientation, religion, creed, age, national origin, physical or mental disability, gender identity and/or expression, marital status, veteran status or other characteristics protected by law.