Level 3 Incident Response Analyst
Allstate
full-time
Posted on:
Location Type: Remote
Location: United States
Salary
💰 $100,000 - $160,000 per year
About the role
- Lead end-to-end incident response activities from triage through closure
- Manage high-severity threats from start to finish, ensuring all actions are thoroughly completed
- Partner with engineering teams to improve detection rules and integrate tooling that enhances security capabilities
- Facilitate incident response retrospectives and surface operational gaps and improvement opportunities
- Mentor SOC analysts and serve as a subject-matter expert for complex security challenges
- Help refine and maintain SOC workflows to ensure clarity, efficiency, and ongoing maturation
- Analyze large volumes of security telemetry to identify patterns, build custom queries, and uncover hidden threats
- Develop application-specific detection rules and response procedures with system and application owners
- Coordinate evidence collection and produce documentation for both technical and non-technical audiences
- Contribute to the development of operational and executive reporting
- Create and prioritize backlogs that drive desired business outcomes by incorporating insights and improvement actions identified during incident response retrospectives
- Maintain active communication with teammates and cross-functional partners to strengthen overall response capability
Requirements
- 7+ years of hands-on Cybersecurity experience
- 5+ years in Incident Response and/or Digital Forensics
- Strong background in Incident Response, Incident Handling, and Security Operations
- Extensive knowledge of Windows and Linux operating systems and associated applications (IIS, SQL, Apache, etc.)
- Strong knowledge of cloud computing services including Azure, GCP, & AWS
- Proficiency with EDR/XDR platforms (CrowdStrike, SentinelOne, Microsoft XDR)
- Experience using SIEM platforms (Splunk, Microsoft Sentinel, Elastic, Chronicle)
- Experience with next-generation firewalls (Cisco ASA, Palo Alto)
- Practical knowledge of MITRE ATT&CK and common threat-actor TTPs
- PCAP and network-traffic analysis skills using Wireshark or Zeek
- Scripting familiarity (Python, PowerShell, Bash)
Benefits
- Equal Opportunity employer – Veterans/Disabled and other protected categories
- Candidates must possess authorization to work in the United States
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Incident Response, Digital Forensics, Security Operations, Windows Operating System, Linux Operating System, Cloud Computing, EDR/XDR Platforms, SIEM Platforms, Network Traffic Analysis, Scripting
Soft Skills
Leadership, Mentoring, Communication, Collaboration, Analytical Thinking, Problem Solving, Operational Improvement, Documentation