Applications processed via employer's online application form

Job Details

Location

Belfast, Northern Ireland

Closing Date

2020-02-28 00:00:00

SOC Level 3 Analyst

  • Title: SOC Level 3 Analyst

    Ref: 21/02/SOC

    Think Technology - Think Allstate

    We build solutions that touch 16 million customers on a daily basis.

    You will work alongside people as passionate as you, focused on delivering the best possible user experiences.

    You will work in a highly collaborative environment primed to adapt to an ever-changing landscape and which places technology solutions at its core.

    You will thrive, you will think differently, you will challenge convention and have the freedom to act with integrity, intention and speed; you will be at the forefront of developing capabilities in support of Allstate’s global business model; you will deliver results and you will leave things better than you found them.

    Location

    Belfast

    Job Description

    The Security Analyst (Level 3) will act as the technical lead and incident responder for Allstate’s Security Operations Center (SOC). This will involve leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. You will serve as a technical escalation resource for other Global Fusion Center Analysts and provide mentoring for skill development. You will partner with Security Engineers to implement and improve technology and process to enhance Global Fusion Center monitoring, investigation, and response.

    Responsibilities include (but aren't limited to):

    • Serve as an escalation resource and mentor for other analysts.
    • Perform investigation and escalation for complex or high severity security threats or incidents.
    • Work on complex tasks assigned by leadership, which may involve coordination of effort among Level 1/2 analysts.
    • Coordinate evidence/data gathering and documentation and review Security Incident reports.
    • Assist in defining and driving strategic initiatives.
    • Create and develop SOC processes and procedures working with Level 2 Analysts.
    • Provide recommendations for improvements to Allstate’s Security Policy, Procedures, and Architecture based on operational insights.
    • Define and assist in creation of operational and executive reports.
    • Define tool requirements to improve SOC capabilities.
    • Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow.
    • Demonstrate the ability to work with little to no management.

    Essential Criteria

    • Must be an EU citizen or possess a current UK Tier 1 or Tier 2 visa and be eligible to take up full-time, permanent employment. EU candidates must also demonstrate they are eligible to take up UK employment post-Brexit.
    • 5+ years of relevant technical experience in Information Security, System Administration, or Network Engineering
    • 3+ years at tech lead level  
    • College degree in related field or equivalent work experience. 
    • Experience in Security Operations and Incident Response.
    • Detailed practical knowledge of Internet protocols, firewalls, load balancers, routers, switches, intrusion detection/prevention systems.
    • Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats.
    • Knowledge of configuration of firewalls, load balancers, routers, and switches. 
    • Advanced knowledge and expertise of using SIEM technologies for event investigation.
    • Work with SIEM Engineering and other security partners developing and refining correlation rules.

    Desirable Criteria

    • Advanced event analysis leveraging SIEM tools.
    • Advanced incident investigation and response skill set.
    • Advanced log parsing and analysis skill set.
    • Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.).
    • Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.).
    • Advanced knowledge of malware operation and indicators.
    • Advanced knowledge of penetration techniques.
    • Moderate to Advanced knowledge of DDoS mitigation techniques.
    • Moderate to Advanced knowledge of IDS/IPS systems.
    • Moderate to Advanced knowledge of Windows and Unix or Linux.
    • Moderate knowledge of Firewall and Proxy technology.
    • Moderate knowledge of Data Loss Prevention monitoring.
    • Moderate knowledge and experience with Cloud technologies (Amazon, Azure, Google Cloud).
    • Moderate experience with scripting.
    • Moderate knowledge of forensic techniques.
    • Moderate protocol analysis experience (Wireshark, Gigastor, Netwitness, etc.).
    • Moderate knowledge of audit requirements (PCI, HIPAA, SOX, etc.).
    • Experienced in mentoring and training junior analysts.
    • Security certifications such as Certified Information Systems Security Professional (CISSP), Networking Certifications (CCNA, etc.), Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH).

    On-call Requirements

    • On call

    Apply Here: https://bit.ly/3bZv90y 

    Closing Date:  Friday 28th February

    Statement on Fair Employment and Equal Opportunities:

    Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

    We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.

    Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.
