Job Description

First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida. As the largest privately held bank in Illinois, we now have over 60 locations and assets of $5+ billion. We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy. Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century. First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations.

The Technical Incident Response Analyst is responsible for monitoring, analyzing, and responding to cybersecurity alerts and incidents across enterprise infrastructure and security platforms. This role serves as a primary investigator for security events, ensuring timely detection, containment, remediation, documentation, and escalation of incidents in alignment with established incident response playbooks, regulatory requirements, and internal controls.

The position combines real‑time alert monitoring, technical investigation, firewall and configuration change validation, and execution of defined recurring operational tasks to maintain a strong security posture across the organization.

DUTIES & RESPONSIBILITES

Monitor and respond to cybersecurity alerts generated from SIEM provider dashboards and security monitoring platforms.
Investigate, remediate, and document security incidents reported through automated alerts, tickets, emails, phone calls, or external SOC notifications.
Act as the primary investigator for potential security incidents identified by SOC analysts or monitoring tools.
Follow documented incident response playbooks while exercising sound judgment to contain and remediate threats.
Investigate phishing emails, user‑reported security concerns, and potential attempts at fraud or financial loss.
Review authentication, endpoint, network, and application activity for anomalous or malicious behavior.
Analyze firewall logs, IDS alerts, intrusion prevention activity, anti‑malware events, server logs, and application logs.
Monitor intrusion detection systems, for indicators of compromise or suspicious activity.
Correlate data across SIEM, IDS, endpoint, and firewall platforms to support incident investigations.
Perform log reviews using standardized incident response and log review templates.
Perform reconciliation of firewall rule and configuration changes.
Validate that all changes are authorized, approved, and compliant with change management and security policies.
Identify unauthorized or out‑of‑policy changes and escalate violations as required

Execute daily, weekly, and periodic tasks defined in the Incident Response recurring task schedule, including:

Reviewing Microsoft Defender security incidents and assigning or resolving alerts.

Reviewing external SOC (e.g., Proficio) incident tickets to ensure proper closure.

Reviewing SIEM and Kibana dashboards for authentication failures and other abnormal activity.

Validating completion and documenting evidence through screenshots and reports.

Document incident activity, evidence, analysis, and remediation actions in an audit‑ready manner.
Communicate incident status clearly to Information Security leadership, infrastructure teams, and management.
Provide incident reporting suitable for internal audit, regulatory examination, and compliance reviews.
Track incidents end‑to‑end to ensure timely closure and proper documentation.
Participate in SOC and security working group sessions to improve detection rules and reduce false positives.
Review and update automated alerts and incident response playbooks for accuracy and effectiveness.
Collaborate with networking, systems, endpoint, and application teams during investigations.

QUALIFICATIONS

Minimum of three years of experience directly related to incident response, security monitoring, or cybersecurity operations.
Hands‑on experience with SIEM platforms, incident response tooling, and alert monitoring solutions.
Experience with firewall technologies, network security concepts, and endpoint protection platforms.
Experience performing log analysis and incident investigations across multiple data sources.
Exposure to Linux operating systems preferred.

Working knowledge of:

SIEM and security monitoring platforms

Firewalls, TCP/IP networking, LAN/WAN infrastructure

Endpoint protection and anti‑malware solutions

IDS/HIDS platforms

Microsoft 365 security tools

Demonstrated ability to reconcile configuration changes and validate security controls.
Qualified military veterans are encouraged to apply.
Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to tailor the message appropriately to the audience and situation effectively.
Ability to relay technical information to both technical and non-technical personnel.
Ability to write technical documentation.
Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
Maintain credibility through professional demeanor, appearance, and presence by modeling standards appropriate to our environment and industry.
Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
Proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
Proficiency in Network Management and Firewalls, Servers, TCP/IP Schema, Remote Access Solutions, & NFS/ISCCI/CIFS networking/storage interdependencies.
Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows as a result of system upgrades.
Occasional travel to other First American Bank locations, Bank functions, and training facilities may be required.
Typical schedule is Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
Rotational Saturday work and off-hours on-call availability.
Punctuality is required to maintain First American Bank’s customer service standards.

About First American Bank

Founded in Chicago, First American Bank is a privately held, full-service bank with over 900 employees and $7 billion in assets. We stand out by offering traditional, personalized service alongside modern self-service banking apps, giving you the best of both worlds.

As a privately held institution, we're able to focus on long-term goals without the pressure of quarterly performance reviews. This enables us to maintain a customer-focused approach and foster a collaborative work environment for our team. With locations in Chicago, Miami, Tampa, and Milwaukee, we are proud to serve individuals, families, and businesses with personalized banking solutions, expert lending, and comprehensive wealth management services. Your success is our priority. Learn more about us and our commitment to privacy at the links below.

Our Story: https://www.firstambank.com/About/Explore/Our-Story

For information on First American Bank’s commitment to privacy and security, visit https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security

Member FDIC • Equal Housing Lender

Industry

Finance & Insurance

Company Size

1,001-5,000 employees

Headquarters

Elk Grove Village, IL

Year Founded

Unknown

Website

firstambank.com

Social Media