The candidate will be responsible for supporting the monitoring, collection, analysis, and reporting of threat-related data from vendors, internal sources, and open source intelligence.
Leveraging threat severity and risk, the individual will help drive timely reporting and mitigation by partnering with the Global Fusion Center, other Allstate Information Security (AIS) organizations, and system / application owners.
The role will be accountable for researching and compiling reports and data on the state of the threat landscape and presenting that data to multiple levels of leadership.
Act as a threat intelligence SME with advanced knowledge in at least one of the following areas: Microsoft platform system administration (server, client, applications), open systems platform system administration (Linux, UNIX, VMware ESX), Java, Adobe, middleware (web, databases, etc.), networking system administration.
Support the Threat Services program by developing guidance on improvements that can be made to the identification, assessment, and mitigation of threats to the environment.
Collect, analyze, and assess technical and non-technical threat and security incident-related information made available from OSINT, platform vendors, third parties, and internal sources to help determine the course of action for the Allstate environment.
Partner with other security professionals to determine and implement new detection content, such as SIEM correlation rules, IDS / IPS rules, etc.
Generate ad-hoc and scheduled reports on threats and associated actionable activities necessary to protect the environment.
Review and trend patterns in criminal markets and OSINT, as well as internal information security incidents, to identify their relevance to the company’s secure operations.
Support requests for real-time threat intelligence from other Global Fusion Center analysts, such as incident handlers and researchers.
Bachelor’s degree in Information Systems or related field.
5+ years’ experience in either threat management or security assurance.
Knowledge of industry-standard security best practices and threat management processes and frameworks.
Experience with threat research, threat indicator sharing (such as STIX / TAXII), vulnerability scanning tools, and other tools in the security space.
Advanced knowledge of operating systems security (Windows, *nix).
Strong understanding of secure network / systems configuration management.
Strong understanding of networking concepts and devices (Firewalls, Routers, Switches, Load Balancers, etc.).
Ability to effectively work independently and in a team environment.
Individual must interact with all levels of management, business and IT, and is required to act in a professional and confident manner.
Self-motivator possessing a high sense of urgency and a high level of integrity.
Excellent analytical and problem-solving skills.
Strong communication (oral, written, presentation), interpersonal and consultative skills.
Good organization and documentation skills.
Certifications: one or more of the following: GIAC, GCIH, CEH, CISSP, CISA.
07:00 AM to 09:00 PM IST