Architect (Threat Detection & Incident Response)

Mutual of Omaha is hiring an Architect to support our TDIR team. In this role, you will design and evolve the enterprise detection and response architecture that protects our people, data, and infrastructure. You’ll set technical requirements in response to modern threats, and drive end-to-end event telemetry, detection logic, and incident response workflows across on-prem, endpoint, SaaS, and public cloud environments. This role partners closely with Exposure Management, Detection Engineering, and Incident Response practices to measurably reduce risk and improve MTTD/MTTR. 

WHAT WE CAN OFFER YOU:

• Estimated Salary: $130,000 - $165,000, plus annual bonus opportunity.
• Work-life balance with vacation, personal time and paid holidays. See our benefits and perks page for details.
• Applicants for this position must not now, nor at any point in the future, require sponsorship for employment.

WHAT YOU'LL DO:

• Design and oversee the implementation of a comprehensive threat detection architecture, integrating SIEM, EDR, DLP, CNAPP, and NDR to ensure high-fidelity alerting and visibility. 
• Develop strategies for the Exposure Management team, utilizing infrastructure vulnerability/configuration management and data security tools to reduce attack surface risks. 
• Architect and optimize detection engineering to ensure efficient log collection, parsing normalization, and routing to SIEM and UEBA for advanced behavioral analysis. 
• Work closely with other Security Architect II, III, and IV roles to ensure team objectives are solutioned in alignment with division initiatives.

WHAT YOU’LL BRING:

• A strong work ethic and desire to contribute. Self-motivated, problem solver, takes initiative and look for ways to improve and achieve more for the team. 
• SOAR & case management integration experience (e.g., playbook orchestration, triage workflows, ticketing integrations) to accelerate incident handling and automation. 
• Cloud & platform security architecture skills: AWS security patterns (identity, network, workload protection, logging), M365 security ecosystem integration, and identity driven signal correlation.  
• Detection engineering proficiency: event schemas, parsing/normalization, hunting & query languages, and scripting/automation to build, test, and maintain detections and enrichments.  
• Mentoring & communication: experience guiding cross functional teams, mentoring engineers, and presenting complex architectures and risk tradeoffs to technical and business stakeholders.
• You promote a culture of diversity and inclusion, value different ideas and opinions, and listen courageously, remaining curious in all that you do.
• Able to work remotely with access to a high-speed internet connection and located in the United States or Puerto Rico.

PREFERRED:

• Certifications: CISSP, ISSAP, and relevant GIAC (e.g., GCIH, GCDA, GMON).  
• Framework fluency: MITRE ATT&CK & D3FEND, NIST CSF/80053, and CIS Controls; ability to translate framework requirements into practical controls, coverage maps, and KPIs.  
• Proven delivery of architecture artifacts (HLD/LLD, threat models, data flow diagrams), performance/cost optimization of logging pipelines, and continuous detection coverage improvement. 

We value diverse experience, skills, and passion for innovation. If your experience aligns with the listed requirements, please apply! 

If you have questions about your application or the hiring process, email our Talent Acquisition area at careers@mutualofomaha.com. Please allow at least one week from time of applying if you are checking on the status.

Stay Safe from Job Scams
Mutual of Omaha only accepts applications from mutualofomaha.com/careers. Legitimate communications will come from '@mutualofomaha.com.' We never request sensitive information or extend job offers without conducting interviews. For more details, check our Hiring FAQs. Stay alert for scams and apply securely!

Fair Chance Notices