Incident Response Forensics Examiner
Where good people build rewarding careers.
Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.Job Description
**We are open to applicants who are willing to work at our home office in Northbrook, IL or our strategic Global Security Fusion Center office in Charlotte, NC. Strong, qualified candidates in other US markets may be given consideration as remote / home-based professionals.**
We are seeking an experienced Digital Forensics Incident Response (DFIR) candidate to perform intelligence-driven network defense supporting the Global Security Fusion Center (GSFC) capabilities (Incident Handling, Threat Intelligence, Threat Hunting and other stakeholders for GSFC). The role involves forensic analysis of online and offline (“dead-box”) hosts and network logs associated with information security incidents discovered by the System-level Monitoring and Threat Hunting capabilities. The role is supported by large amounts of data from vendor SaaS tools and internal sources, including various indicator feeds, SIEM, several threat intelligence tools, etc. in order to assist the role in contributing a near-complete technical understanding of information security incidents. The individual in this position will perform the functions of a digital forensics examiner and collaborate with other teams associated with GSFC.Key Responsibilities
- Identify key data points regarding information security incidents, such as root-cause analysis, possible attack methods and techniques, malware infection and persistence methods, etc.
- Must understand the life cycle of an Incident and tools used to determine root cause during an incident.
- Operation understanding on reverse engineering malware.
- Perform network, disk, system files and memory forensic analysis.
- Custom tool design to assist in analysis and investigation. (Related experience in programming, database, system administration, etc.).
- Implementing integration/orchestration of existing and new forensic infrastructure and tools.
- Perform custom analysis on (centralized) security event information to analyze incidents.
- Collaborate with Engineering on the development of detection signatures and correlation use cases when appropriate.
- Perform as an Information Security SME in the following areas:
- Digital Forensics
- Incident Response
- Log analysis
- Popular operating systems (Windows, Mac, Linux, Android, etc.)
- Networking (firewalls, IDS/IPS, packet capture)
- Other security related disciplines
- Continued collaboration and support with teammates, as well colleagues as it pertains to incident analysis
- Bachelors and/or Masters Degree in Engineering, Computers Science, or related field.
- 5+ years overall technical experience in either forensics, threat intelligence, incident response, security operations, or related technical information security field.
- Deep understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
- Strong Incident Handling experience.
- Strong and recent experience with malware analysis and reverse engineering.
- Strong experience with popular OS architectures (e.g. Russinovich’s Windows Internals, Linux kernel architecture, etc.).
- Experience with security operations tools, including but not limited to:
- Threat Intelligence Platforms
- Link/relationship analysis (e.g. Maltego, IBM i2 Analyst Notebook)
- Signature development/management (e.g. Snort rules, Yara rules)
- Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.).
- Excellent analytical and problem solving skills, a passion for research and puzzle-solving.
- Expert understanding of large, complex corporate network environments.
- Strong communication (oral, written, presentation), interpersonal and consultative skills, especially in regard to white papers, briefs, and presentations.
- Good organization and documentation skills.
- Leadership and mentorship skills
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.