Level 2 Incident Response Analyst
Role details
Job location
Tech stack
Job description
Allstate's Global Security Fusion Center (GSFC) Incident Handling team is responsible for investigating all cybersecurity incidents at Allstate. This team detects, investigates, and remediates threats for the enterprise. The Level 2 Incident Response Analyst is part of the core team for Allstate and is responsible for performing security investigations and training/mentoring of Level 1 Incident Handlers. Level 2 Analysts are also expected to play an active role in process development and assist with the selection of new tools/technologies related to their work. Key Responsibilities
- Conduct daily case reviews and escalate incidents lacking timely or adequate response.
- Prioritize, monitor, & escalate security events based on severity and criticality.
- Triage alerts and generate cases for valid, actionable threats.
- Maintain detailed case notes and escalate unresolved or high-risk incidents.
- Follow detailed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents
- Document all incidents, investigative actions, and outcomes thoroughly.
- Develop and refine standard operating procedures and workflows based on alert reviews and team feedback.
- Coordinate required actions and communications as directed by incident response plans and leadership.
- Work closely with GSFC teams to enrich incident data and support comprehensive analysis.
- Communicate effectively with stakeholders and employees regarding case status and findings.
- Stay informed on emerging cybersecurity threats, trends, and technologies., The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn't just a job - it's an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger - a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
Requirements
- 4+ years of hands-on experience in a SOC environment with depth in incident triage/response.
- Demonstrated ability in analyzing, triaging, & remediating complex security incidents.
- Solid knowledge & hands-on experience in log analysis, network traffic analysis, malware investigation, & digital forensics.
- Background with SIEM platforms (e.g., Splunk, Sentinel, Elastic, Chronicle) for threat detection and analysis.
- Good knowledge of EDR/XDR platforms (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint).
- Sound capabilities in analytical thinking, collaboration, & stress management.
- Relevant certifications preferred: CompTIA CySA+, GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Security Professional (CISSP)
#LI-JJ1
Skills Analytical Thinking, Cyber Incident Response, Cyber Threat Hunting, Digital Forensics, Incident Handling, Information Security, IT Security Operations, Log Analysis, Malware Analysis, Penetration Testing, Problem Solving, Security Incident Response, Security Information and Event Management (SIEM), Security Investigations, SIEM Tools, Stakeholder Management, Threat Detection
Benefits & conditions
Compensation offered for this role is $100,000 - 160,000 annually and is based on experience and qualifications.
