Lead SOAR Developer

    • Northbrook, IL

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

The Opportunity:
We are the Good Hands; we help people realize their hopes and dreams through products and services designed to protect them from life's uncertainties and to prepare them for the future. Nearly every major Allstate project has a partnership with technology - a partnership that is imperative to the success of the organization. With the company's size and related technology scale, job opportunities and career advancement paths in IT are abundant at Allstate. In order to maintain our place at the forefront of the technological landscape, Allstate needs to hire the best and the brightest talent - is that you?

The Role:
The Global Security Fusion Center(GSFC) - Lifecycle Management & Automation team handles all of the GSFC's systems lifecycle, SOAR, and application development that the GSFC's teams' processes depend upon.
GSFC LM&A technical/delivery leads function as coordinators and technical subject matter experts for their focus groups. The lead for the SOAR focus group is responsible for the delivery of all Security Orchestration, Automation and Response activities. A growing team of 4-6 playbook developers will rely on their lead for technical advice and guidance. The LM&A manager will rely on this individual as the single point of contact for all SOAR related activities. This role reports to the Manager of GSFC Lifecycle Management & Automation.

Key Responsibilities

  • Closely support and collaborate with other Global Security Fusion Center teams to identify requirements, develop playbooks on the Phantom and Resilient platforms to accomplish the requirements, test playbooks, communicate/coordinate the release of playbooks with affected customers and stake-holders, then release developed automations.
  • Python development, credentials management, Firewall Change Requests, etc.
  • Build strong partnerships with technical dependency teams
  • Light project management
  • Expert-level technical hands-on work
  • Mentoring other platform engineers in OS, networking, IT operations
  • Tracking and driving to completion all of the SOAR development focus group's deliverables
  • Other duties as assigned


Job Qualifications

Technical Qualifications:
  • Bachelors and/or Master's Degree or equivalent experience in Information Security, Engineering, Computers Science, or related field
  • Have 5+ years experience in application care: admin, patching, vendor support interactions, etc.
    • Have 5+ years experience in network fundamentals mastery:
    • OSI/DoD network models
    • Ethernet
    • IPv4/IPv6
    • typical layer 3 and 4 protocols associated with IP
    • application layer protocol knowledge
    • stateful inspection firewalls
    • etc.
  • Have 5+ years experience in security operations center related disciplines: threat intel, vulnerability management, penetration testing, incident handling (preferred), etc...
  • 2+ years programming/software development: procedural and OO programming, scripting, RESTful/SOAP API. Most of our work is with Python, so Python programming is necessary.
  • 5+ years SOAR development experience. Preferred candidates will be well versed in Splunk>Phantom.
  • Outstanding customer service attitude and skill.
  • Moderate familiarity with Splunk and Splunk>Enterprise Security.
  • Passion for constant self-improvement and learning
  • Familiar with industry standard security best practices for information security and cyber security operations


The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary - but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the "EEO is the Law" poster click "here". This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs

To view the FMLA poster, click "here". This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company's policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee's ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Allstate is the largest publicly held personal lines property and casualty insurer in America.

Allstate Company Image


Back to top