Allstate
Level 2 Incident Response Analyst
Posted on Mar 13 Remote, IL 14 views
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
Allstate’s Global Security Fusion Center (GSFC) Incident Handling team is responsible for investigating all cybersecurity incidents at Allstate. This team detects, investigates, and remediates threats for the enterprise. The Level 2 Incident Response Analyst is part of the core team for Allstate and is responsible for performing security investigations and training/mentoring of Level 1 Incident Handlers. Level 2 Analysts are also expected to play an active role in process development and assist with the selection of new tools/technologies related to their work.
Key Responsibilities
Key Skills & Qualifications
#LI-JJ1
Skills
Analytical Thinking, Cyber Incident Response, Cyber Threat Hunting, Digital Forensics, Incident Handling, Information Security, IT Security Operations, Log Analysis, Malware Analysis, Penetration Testing, Problem Solving, Security Incident Response, Security Information and Event Management (SIEM), Security Investigations, SIEM Tools, Stakeholder Management, Threat Detection
Compensation
Compensation offered for this role is $100,000 – 160,000 annually and is based on experience and qualifications.
The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
Job Description
Allstate’s Global Security Fusion Center (GSFC) Incident Handling team is responsible for investigating all cybersecurity incidents at Allstate. This team detects, investigates, and remediates threats for the enterprise. The Level 2 Incident Response Analyst is part of the core team for Allstate and is responsible for performing security investigations and training/mentoring of Level 1 Incident Handlers. Level 2 Analysts are also expected to play an active role in process development and assist with the selection of new tools/technologies related to their work.
Key Responsibilities
Conduct daily case reviews and escalate incidents lacking timely or adequate response.
Prioritize, monitor, & escalate security events based on severity and criticality.
Triage alerts and generate cases for valid, actionable threats.
Maintain detailed case notes and escalate unresolved or high-risk incidents.
Follow detailed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents
Document all incidents, investigative actions, and outcomes thoroughly.
Develop and refine standard operating procedures and workflows based on alert reviews and team feedback.
Coordinate required actions and communications as directed by incident response plans and leadership.
Work closely with GSFC teams to enrich incident data and support comprehensive analysis.
Communicate effectively with stakeholders and employees regarding case status and findings.
Stay informed on emerging cybersecurity threats, trends, and technologies.
Key Skills & Qualifications
4+ years of hands-on experience in a SOC environment with depth in incident triage/response.
Demonstrated ability in analyzing, triaging, & remediating complex security incidents.
Solid knowledge & hands-on experience in log analysis, network traffic analysis, malware investigation, & digital forensics.
Background with SIEM platforms (e.g., Splunk, Sentinel, Elastic, Chronicle) for threat detection and analysis.
Good knowledge of EDR/XDR platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint).
Sound capabilities in analytical thinking, collaboration, & stress management.
Relevant certifications preferred: CompTIA CySA+, GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Security Professional (CISSP)
#LI-JJ1
Skills
Analytical Thinking, Cyber Incident Response, Cyber Threat Hunting, Digital Forensics, Incident Handling, Information Security, IT Security Operations, Log Analysis, Malware Analysis, Penetration Testing, Problem Solving, Security Incident Response, Security Information and Event Management (SIEM), Security Investigations, SIEM Tools, Stakeholder Management, Threat Detection
Compensation
Compensation offered for this role is $100,000 – 160,000 annually and is based on experience and qualifications.
The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
