Digital Forensics and Incident Response Analyst

Job Category: Technology and IT
Job Type: Remote
Job Location: United States
Company Name: Allstate

About the Job
At Allstate, protecting families and their belongings has been our mission for over 90 years. From pioneering seat belt advocacy to leading in telematics and identity protection, we’ve stayed ahead of evolving risks. Now, we’re looking for a Level 3 Digital Forensics & Incident Response Analyst to join our Global Security Fusion Center (GSFC). This high-impact role is ideal for an adaptable cybersecurity professional with deep digital forensics expertise and a passion for incident response.
Key Responsibilities

  • Lead complex investigations into security incidents, ensuring thorough analysis and containment
  • Perform live-box and on-demand artifact collection, disk acquisitions, and forensic analysis (network, disk, memory, logs)
  • Manage high-severity threats from escalation to resolution, collaborating with engineering to improve detection rules and tools
  • Mentor junior SOC analysts and refine SOC workflows for efficiency and clarity
  • Dive into security data to detect hidden threats, build custom tools, and enhance detection strategies
  • Produce detailed reports and executive-level briefings on findings and recommendations
  • Stay connected across threat intel, hunting, and engineering teams to drive strategic improvements

Required Qualifications

  • 7+ years in Cybersecurity, with 5+ years in Incident Response and/or Digital Forensics
  • Strong knowledge of Windows/Linux internals, registry, system logs, file systems, and memory structures
  • Proficiency with EDR/XDR tools (CrowdStrike, SentinelOne, Microsoft Defender, etc.)
  • Skilled in modern forensic tools (Magnet AXIOM, Velociraptor, F-Response, KAPE, Autopsy, Zimmerman tools)
  • Experience with SIEM platforms (Splunk, Sentinel, Elastic, Chronicle)
  • Knowledge of MITRE ATT&CK, PCAP/network traffic analysis, and scripting (Python, PowerShell, Bash)
  • Strong written and verbal communication with proven report-writing skills

Preferred Qualifications

  • Cloud security monitoring/IR experience (AWS, Azure, GCP)
  • Malware analysis or reverse engineering skills
  • Detection rule development/tuning (Sigma, YARA, Snort, Suricata)
  • Experience in large enterprise or multi-tenant environments
  • Certifications: GCFA, GCIH, GNFA, GREM, GCIA, CISSP, OSCP, or similar
  • Familiarity with frameworks and standards such as NIST SP 800-61, MITRE D3FEND, ISO 27001, HIPAA, and PCI DSS

Compensation & Benefits

  • Salary Range: $112,000 – $196,750 annually (based on experience/qualifications)
  • Comprehensive benefits, including health coverage, retirement plans, paid leave, and career growth opportunities
  • A culture that encourages innovation, professional development, and meaningful impact

Why Join Allstate?
This isn’t just a job—it’s a chance to challenge the status quo, protect what matters most, and grow your cybersecurity career in an environment that values your expertise.

Equal Opportunity Employer
Allstate is proud to provide equal employment opportunities and maintain a diverse, inclusive culture. We do not discriminate based on race, color, gender, sexual orientation, veteran status, disability, or any other legally protected status.
