200+ applicants

Company

Allstate · 9 hours ago

Manager, Incident Handling (Remote - Home Based Worker)

Illinois, United States

Full-time

Remote

Senior Level, Lead/Staff

$104K/yr - $188K/yr

10+ years exp

Maximize your interview chances

BankingFinance

No H1B

Insider Connection @Allstate

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead and manage Security Operations Center across different regions and shifts with primary responsibilities in security event monitoring, management, and response.

Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.

Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.

Review policies and highlight the challenges in managing SLAs.

Review standard operating procedures to ensure SOC continues to effectively meet operational requirements.

Provide team & vendor management, evaluate overall use of resources, and initiate corrective action where required for SOC.

Create reports, dashboards, and metrics and present to Sr. Mgmt.

Evaluate existing technical capabilities and systems and identify opportunities for improvement.

Oversee training and exercises to ensure SOC team proficiency. Conduct after action reviews to identify lessons learned and best practices.

Work closely Security Leadership to identify and implement process changes, improvements, and efficiencies to ensure solid security practices.

Develop communication channels with technology owners and business to evangelize the evolving threat landscape.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Incident HandlingIncident ResponseSecurity Operations CenterNetwork SecurityVulnerability ManagementThreat DetectionSIEMTechnical ReportingTeam ManagementEncryptionMalware OperationsForensic TechniquesAudit RequirementsChange ManagementInformation Security ManagementSecurity InformationEvent ManagementNetworking FundamentalsScriptingOperating Systems Knowledge

Required

10+ years incident handling and incident response experience.

Technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.

Know how to lead investigations and direct incident handlers and question the investigative process being followed.

Possess experience in writing both technical incident investigation reports as well as reports for senior leadership.

Ability to manage multiple initiatives at once in addition to day-to-day operations.

Experience in managing teams of 8 or more people and providing mentorship.

Advanced incident investigation and response experience.

Advanced log parsing and analysis skill sets.

Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.).

Moderate knowledge of Windows, Unix/Linux, and Mac operating systems.

Moderate knowledge of SIEM technologies and use case design.

Moderate knowledge of malware operations and indicators.

Moderate knowledge of network defenses such as firewalls, IDS/IPS, Packet Capture, Proxies.

Moderate experience with scripting.

Moderate knowledge of forensic techniques.

Moderate knowledge of audit requirements (PCI, HIPPA, SOX, etc.).

Advanced understanding of information security technology.

Ability to influence others and achieve results.

Ability to think strategically, conceptually, analytically and creatively.

Advanced time management skills including ability to manage multiple projects, prioritize and organize, and create alignment and buy in from clients and direct reports.

Demonstrated clear, concise and effective oral and written communication skills.

Ability to establish, manage and leverage relationships with internal and external partners.

Ability to analyze data and apply it to complex problem resolution.

Advanced understanding of security trends in the industry.

Advanced understanding of expense and resource management processes as they relate to project resources and expenses, ability to make appropriate sourcing decisions based on project resource needs, demonstrate understanding of area's budget and its relationship to department level information and external customers, and assist in explaining impact of project expenses on the area's overall expense plan.

Possess a mastery level of thriving in change by setting an example, providing leadership, and coaching peers and team members, during changes that may disrupt productivity.

Handle ambiguity and uncertainty with maturity, adapt management style to current situations and people needs, and demonstrate the ability to make decisions under time pressures and with limited information.

Preferred

Bachelor’s Degree preferred, but not required. May also have advanced degree.

Certifications from the list below preferred, but not required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical hacker (CEH), Certified Expert penetration tester (CEPT)