Security Engineering Lead Engineer (Hybrid)

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers' evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Your role in the team
The Lead Engineer - Security Engineering will be the direct leader responsible for the day-to-day development, implementation, and support of security controls across multiple product security engineering teams, working with global stakeholders. This position requires a strong, well-rounded technical leader who can quickly learn the overall business and technology processes supported by the teams, and who is eager to grow skills within the security engineering landscape, including secure software development, cloud security, application security, and modern DevSecOps practices. The role demands hands-on expertise in security engineering, along with solid integration and compliance knowledge.

Lead Engineers are expected to build relationships throughout the organization to ensure whole-company alignment and support for their goals, and vice-versa. The Lead Engineer architects and designs secure digital products using modern tools, technologies, frameworks, and systems. They apply a systematic application of scientific and technological knowledge, methods, and experience to the design, implementation, testing, and documentation of secure software. They own and manage running their applications in production and are accountable for the success of their digital products through achieving KPIs, including security metrics.

Key Responsibilities

• Frequently advise others on complex security engineering matters.
• Build foundation to translate security strategy into challenging and meaningful goals.
• Manage teams responsible for strategic and critical security architecture or provide functions that are of key strategic value to the business.
• Act as an authority in secure software best practices and propagate these throughout the broader organization, beyond their individual team.
• Expert ability to view the organization as a whole, especially in terms of risk and security posture.
• Leverage and influence key stakeholders to drive adoption of security controls and practices.

• Designing, implementing, and productizing security controls to address complex business and technology challenges.

• Working directly with business and technical teams to assess and provide security technology support.

• Understanding multiple end-to-end business and technology processes, with a focus on security risks and mitigations.

• Deep knowledge of technical details, integration, and functions of security tools and platforms (e.g., IAM, SIEM, vulnerability management, cloud security).

• Evaluating potential system enhancements and upgrades, influencing the security product roadmap.

• Identifying and implementing process improvements and product simplification opportunities, especially in security operations.

• Providing technical or functional leadership for team members in security engineering.

• Ensuring industry and technology best practices are followed for secure development and operations.

• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.
• A minimum of 5 years of experience in software or security engineering
• A minimum of 3 year's experience in technical leadership or managerial role.
• Deep understanding of secure software development, vulnerability management, cloud security, application security, and modern security engineering practices.
• Experience with secure software configuration and development, including secure APIs, authentication/authorization, encryption, and threat modeling.
• Experience working with modern security frameworks, tools, and methodologies (e.g., DevSecOps, CI/CD security, cloud-native security).
• Deep understanding of technology best practices in areas of secure development and compliance.
• Experience in Test Driven Development (TDD), Agile SCRUM methodologies, and secure SDLC.

• Prior accountability for security KPIs such as vulnerability SLAs, incident rates, control coverage, and posture improvements.
• Experience owning systems end-to-end in production, including reliability and operational security.
• Experience conducting post-incident reviews and driving systemic improvements.

• This job does have supervisory duties.