IT Security Incident Handler
Career Level: Not Specified
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
The Security Analyst (Tier 3) will perform responsibilities as the technical lead for Allstate's Security Operations Center (SOC), leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. Serve as a technical escalation resource for other SOC Analysts and provide mentoring for skill development. Partner with Security Engineers to implement and improve technology and process to enhance SOC monitoring, investigation, and response.
• Serve as an escalation resource and mentor for other analysts
• Perform investigation and escalation for complex or high-severity security threats and incidents
• Work with SIEM Engineering and other security partners to develop and refine correlation rules
• Work on complex tasks assigned by leadership, which may involve coordination of effort among Tier 1/2 analysts
• Coordinate evidence/data gathering and documentation and review Security Incident reports
• Assist in defining and driving strategic initiatives
• Create and develop SOC processes and procedures working with Tier 2 Analysts
• Provide recommendations for improvements to Allstate's Security Policy, Procedures, and Architecture based on operational insights
• Define and assist in creation of operational and executive reports
• Define tool requirements to improve SOC capabilities
• Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow.
At least 10 years of technical experience in Information Security, System Administration, or Network Engineering with at least 5 years of experience in Information Security. Experience in Security Operations and Incident Response. College degree in related field or equivalent work experience.
• Advanced event analysis leveraging SIEM tools (ArcSight preferred)
• Advanced incident investigation and response skill set
• Advanced log parsing and analysis skill set
• Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc)
• Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc)
• Advanced knowledge of malware operation and indicators
• Advanced knowledge of penetration techniques
• Moderate to Advanced knowledge of DDoS mitigation techniques
• Moderate to Advanced knowledge of IDS/IPS systems
• Moderate to Advanced knowledge of Windows and Unix or Linux
• Moderate knowledge of Firewall and Proxy technology
• Moderate knowledge of Data Loss Prevention monitoring
• Moderate experience with scripting
• Moderate knowledge of forensic techniques
• Moderate protocol analysis experience (Wireshark, Gigastor, Netwitness, etc.)
• Moderate knowledge of audit requirements (PCI, HIPAA, SOX, etc.)
• Experienced in mentoring and training junior analysts
Security Certifications Preferred (Including but not limited to the following certifications):
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Ethical Hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Networking Certifications (CCNA, etc)
- Platform Certifications (Microsoft, Linux, Solaris, etc)
Good Work. Good Life. Good Hands®.
Allstate is where good people can build a rewarding career and we provide the resources you need to succeed, both personally and professionally. Our culture and employee programs have also drawn praise from outside organizations like Working Mother magazine, LATINA Style and Black Enterprise. Learn more about the resources, benefits, and programs Allstate has to offer you under the MyWorkLife tab on MyDesktop.
Please note, to be fully considered for this opportunity you must attach an updated resume to your profile when you apply, and if applicable, include:
- Your updated Allstate position(s) and titles, specific experiences and skills developed
- Committee/subgroup work
- Talent Share opportunities
- Completed programs/coursework
Visit "Managing Your Career" located under MyWorkLife (via MyDesktop) to further enhance your career profile and development goals.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, citizenship, status as a veteran with a disability, or status as a veteran of the Vietnam Era.