Cyber Threat Hunter
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
We are seeking an experienced Threat Operations Hunter to perform intelligence-driven network defense supporting the monitoring and incident response capabilities. The role will involve analysis of large amounts of data from vendors and internal sources, including various indicator feeds, Splunk, and several threat intelligence tools, etc. The candidate will perform the functions of threat operations and hunting and serve as the liaison for Threat Intelligence on-site in the Security Operations Center, and mentor the incident handling, incident response, and forensics teams.
- Enhancing the Security Operations and Threat Intelligence workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
- Assist in identifying (hunting) and profiling threat actors and TTPs.
- Custom tool design to assist in analysis and investigation. (Related experience in programming, database, system administration, etc.)
- Implementing integration/orchestration of existing security infrastructure and indicators.
- Design and run custom analysis models on (centralized) security event information to discover active threats, including collaboration on the development of use cases when appropriate.
- Perform as an Information Security SME in the following areas:
- Threat Intelligence
- Incident Response
- Log analysis (statistical modeling, correlation, pattern recognition, etc.)
- Microsoft platform (Server, workstation, applications)
- Open Systems platforms (Linux, UNIX, VM Ware ESX)
- Web Application
- Networking (firewalls, IDS/IPS, packet capture)
- Databases (Oracle, SQL Server, DB2, IMS)
- …and others.
- Providing mentorship and support to teammates with regard to Threat Intelligence, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
- Capable of identifying need & driving solutions, and providing guidance, in an autonomous manner.
- Bachelors and/or Masters Degree in Engineering, Computers Science, or related field
- 10+ years overall technical experience in either threat intelligence, incident response, security operations, or related information security field.
- 5+ years experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
- 2+ years experience in penetration testing, ethical hacking, exploit writing, and vulnerability management
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
- Strong and recent experience with malware analysis and reverse engineering.
- Advanced experience with security operations tools, including but not limited to:
- SIEM (e.g. Splunk, ArcSight)
- Indicator management (e.g. ThreatConnect)
- Link/relationship analysis (e.g. Maltego, IBM i2 Analyst Notebook)
- Signature development/management (e.g. Snort rules, Yara rules)
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
- Excellent analytical and problem solving skills, a passion for research and puzzle-solving.
Expert understanding of large, complex corporate network environments
- Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations.
- Good organization and documentation skills
Leadership and mentorship skills
- At least hobbyist experience in "maker"/hardware hacking, e.g. Raspberry Pi, Arduino, etc.
- Experience with incident response workflow (or other case management "ticketing") tools such as RSA Archer, ServiceNow, Remedy, JIRA, Resilient, Best Practical Request Tracker, etc.
- Obtained certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications
Scripting experience related to system administration and security operations (Python, Bash, Powershell, Perl, C/C++)
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
Meet Some of Allstate's Employees
Data Analytics Engineer
Patrick supports the work of his fellow Data Scientists by coding predictive models. He works to create functional Allstate products by making sense of the company's vast amount of customer data.
Back to top