Digital Forensics Incident Response (DFIR) Lead

Description :

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Role Description

We are seeking an experienced DFIR team lead to perform intelligence-driven network defense supporting the Security Operations Center capabilities (Threat Intelligence, Threat Hunting, and Incident Monitoring/Response/Handling, et al.) The role involves forensic analysis of online and offline ("dead-box") hosts and network logs associated with information security incidents discovered by the Threat Hunting and Monitoring capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, SIEM, several threat intelligence tools, case management tools, forensics hardware/software, etc. in order to assist the DFIR team in contributing a near-complete technical understanding of information security incidents. The candidate will perform the functions of a digital forensics examiner team lead and collaborate with other teams in the Security Operations Center.

Job Description


  • Manage the collection, preservation, processing, and analysis of digital evidence in support of investigations and incident response. Responsibilities include, but are not limited to, incident scoping, workflow, execution of forensically sound collections through proposed workflows, relevant data identification, and coordination of data handoffs to investigative resources.
  • Generate concise, accurate, and unbiased forensic findings reports on an as-needed basis.
  • Work and coordinate with additional Allstate personnel to assist as-needed throughout the active investigations.
  • Mentor other forensic examiners in procedures, skills uplift, and approaches
  • Manage evidence including collection and forensic preservation, storage, and chain-of-custody.
  • Maintain highly detailed incident-related notes and documentation.
  • Candidate should be comfortable with work-related travel as well as occasionally working extended hours.

Job Qualifications


  • 4-year Bachelor of Science degree in one or more of the following preferred concentrations: Computer Forensics, Computer Science, Computer Engineering, Information Technology, or Management of Information Systems.
  • 5+ years of direct computer forensics experience.
  • Operational understanding of modern threats and tactics used currently.
  • Experience with malware investigations and techniques used to investigate these incident.
  • Experience with PII and PCI investigations, as well identifying the resources needed to successfully investigate them.
  • Experience in supporting an Enterprise or Security Operation Center (SOC) investigation.
  • Familiar with industry accepted Open Source Solutions to help with varied components of an investigation.
  • Familiar with industry standard forensic software such as XWays, EnCase, FTK, and other software's that may come to market.
  • Experience with identification, preservation, and analysis of electronic data pertaining to laptops, desktops, servers, backup tapes, mobile devices, webmail providers, cloud services, and other emerging technologies.
  • Strong background with Microsoft Windows, Apple OS X, and Linux operating systems.
  • Familiar with network environments and computer and network administration protocols.
  • Strong hardware and software troubleshooting technical experience.
  • Excellent analytics skills.
  • Efficient multi-tasking abilities.
  • Excellent written and oral communication skills.
  • Ability to create and deliver tasked items when such are required.
  • Experience with scripting and programming languages such as: C#, Go, Java, Python, Pearl, Bash scripting, PHP, and others that would help streamline investigative techniques.

Desired Skills

  • Master of Science degree in one of the above concentrations.
  • Forensic concept/software certifications such as SCERS, CFCE, CCE, SANS, and other industry accepted skillsets.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.


Meet Some of Allstate's Employees


Director Of Technology Strategy

Josh is constantly looking for opportunities for Allstate to use technology and computer software in innovative ways that continue to build on the company’s core strengths.


Agile Software Developer

Because developers at Allstate engage in paired programming, Jordan spends the majority of his day working with one of his fellow developers on various coding projects.

Back to top