Level 2 Incident Handler

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Summary

The Global Security Fusion Center Incident Handling team is responsible for investigating all cyber security incidents at Allstate. This team detects, responds, and remediates threats for the enterprise. The Level 2 Incident Handler is part of the core investigation team for Allstate and is responsible for performing security investigations and training/mentoring Level 1 Incident Handlers. Level 2 Incident Handlers are also expected to play an active role in process development and assist with the selection of new technologies related to their work.

Job Qualifications

  • Ideal candidate will have 3+ years of security related experience in incident triage/incident response
  • Experience with command line interface and some level of exposure to administering systems and services for various operating systems.
  • Knowledge of security incident and event management, log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation
  • Demonstrated ability to analyze, triage and remediate security incidents
  • Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10
  • Ability to manage multiple priorities simultaneously
  • Moderate knowledge of networking fundamentals (TCP/IP, Network Layers, etc.)
  • Moderate knowledge of malware operation and indicators
  • Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
  • Moderate knowledge of security related technologies and their functions (IDS, IPS, EDR, IRP, FW, WAF, SIEM, etc.)
  • Moderate protocol analysis experience (Wireshark, tcpdump, Netwitness, Snort, Bro, etc.)
  • Basic knowledge of audit requirements (PCI, HIPPA, SOX, etc.)


Education / Certifications

Security Certifications Preferred (including but not limited to the following certifications):
  • Certified Incident Handler (GCIH)
  • Certified Intrusion Analyst (GIAC)
  • Certified Ethical hacker (CEH)
  • Certified Expert penetration tester (CEPT)
  • Certified Information Systems Security Professional (CISSP)
  • Networking Certifications (CCNA, etc.)
  • Platform Certifications (Microsoft, Linux, Solaris, etc.)


The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary - but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the Company's policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee's ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race, religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.


Back to top