Applications processed via employer's online application form

Job Details

Location

Other

Closing Date

2021-11-05 00:00:00

Cyber Threat Hunter (hybrid or remote)

  • About Us

     

    The world isn’t standing still, and neither is Allstate.  We’re moving quickly, looking across our businesses and brands and taking bold steps to better serve customers’ evolving needs.  That’s why now is an exciting time to join our team.  You’ll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

     

    You’ll do all this in an environment of excellence and the highest ethical standards – a place where values such as integrity, inclusive diversity and accountability are paramount.  We empower every employee to lead, drive change and give back where they work and live.  Our people are our greatest strength, and we work as one team in service of our customers and communities.

     

    Allstate operate a very flexible hybrid working policy that will allow you to design your working week in collaboration with your manager with a blend of remote and office working for NI based employees as well as condensed working patterns (4 day week/9 day fortnight).  Employees based in GB will be employed on a permanent remote working contract.

     

    Join our team and you’ll find challenge and reward in a culture of innovation, support and balance.

     

     

    Location

     

    Belfast / Derry / Londonderry / Strabane / remote, UK

     

     

    Your role in the team

     

    The Allstate Information Security (AIS) department is responsible for managing cyber security at Allstate.  This includes Governance/Risk/Compliance, Access Management, Network Security, and Threat Response Services.  The department is responsible for ensuring confidentiality, integrity, and availability of Allstate systems.

     

    We are seeking a number of Threat Hunters to perform intelligence-driven network defense supporting the monitoring and incident response capabilities.  The role will involve analysis of large amounts of data from vendors and internal sources, including various indicator feeds, Splunk, and several threat intelligence tools, etc.  The successful candidate will perform the functions of threat hunting and serve as a liaison for Threat Services for the Security Operations Center (SOC), and mentor the incident handling and forensics teams. 

     

     

    Responsibilities include (but aren't limited to):

     

    • Design and run custom analysis models on security event information to discover active threats
    • Identify (hunting) security nuances and abnormalities in the environment
    • Develop use cases and actionable content to identify security variants that are currently not alerted within the environment
    • Custom tool design to assist in analysis and investigations
    • Perform as an Information Security Resource in the SOC
    • Collaborate with and support teammates in day-to-day work and threat hunting techniques
    • Communication/rapport with other divisions and various peers
    • Capable of identifying need & driving solutions, and providing guidance, in an autonomous manner

     

     

    So, what are the essential criteria to apply?

     

    • All candidates must evidence an existing right to work in the UK
    • 3+ years commercial experience with 2+ years overall technical experience in an information security field (e.g. threat hunting, incident response, security operations, network security, threat intelligence)
    • Bachelor’s or Master’s degree in Engineering, Computer Science, or related field; or equivalent experience
    • Solid understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
    • Strong experience or knowledge of security operations tools within at least 1 of the following areas:
      • SIEM (e.g. Splunk, ArcSight)
      • Network analysis (e.g. NetWitness, Palo Alto)
      • Signature development/management (e.g. Splunk rules, Snort rules, Yara rules)
      • Endpoint detection and response (EDR) solutions (e.g. CrowdStrike, Tanium)

     

     

    We also have some desirable criteria

     

    • Excellent analytical and problem-solving skills, a passion for research and puzzle-solving
    • Strong communication (oral, written, presentation), interpersonal and consultative skills
    • Deep understanding of large, complex corporate network environments
    • Knowledge or experience in penetration testing, ethical hacking, exploit writing, and/or vulnerability management
    • Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)
    • Knowledge or experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
    • Scripting experience related to system administration and security operations (Python, Bash, PowerShell, Perl, C/C++)
    • Recent experience with malware analysis and reverse engineering
    • Strong organization and documentation skills
    • Obtained certifications in several of the following: SANS GIAC courses, CEH, CCNA, CISSP, OSCP, or tool-specific certifications

     

     

    What we offer

     

    As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.

     

    Allstate invests heavily in your development. As an employee, you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.

     

    We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.

     

    We encourage a better work-life balance and you’ll have the opportunity to apply for various flexible working arrangements.

     

     

    Closing Date for applications is Friday 5th November 2021

     

    Apply Here: https://bit.ly/3b8zGyR 

     

    Statement on Fair Employment and Equal Opportunities

     

    Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.

     

    We are an equal opportunities employer.  We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women.  All appointments will be made on merit.

     

    Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.
