Note: The job is a remote job and is open to candidates in USA. Allstate Insurance Co. is an industry leader in pricing sophistication and security solutions. They are seeking a Platform Consultant – Threat Modeling who will drive the adoption of secure-by-design principles and embed threat modeling practices across enterprise technology platforms.
Responsibilities
- Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
- Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
- Embed secure-by-design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
- Define, communicate, and influence platform security strategies and architectural decisions with both technical and non-technical stakeholders
- Partner with engineering, architecture, and security teams to develop risk-based security recommendations that balance security, business objectives, and developer experience
- Drive the adoption of modern engineering and security practices, including reusable security patterns, architectural standards, and secure development frameworks
- Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
- Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
- Mentor engineers and technical leaders on systems thinking, threat identification, security architecture principles, and secure design methodologies
- Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives
Skills
- 3+ years' experience in software engineering, security engineering, solution architecture, technical project management, or platform engineering roles within complex enterprise environments
- Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
- Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
- Demonstrated experience identifying, documenting, and mitigating security threats within cloud-native, distributed, API-driven, or enterprise applications
- Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
- Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations
- Working knowledge of industry security frameworks and standards including OWASP Top 10, MITRE ATT&CK, NIST Cybersecurity Framework, OAuth 2.0, OpenID Connect, and SAML
- Experience supporting Security Operations, Incident Response, SOC, or breach modeling activities
- Strong software engineering background with experience in Java, JavaScript, Python, Go, Rust, or other modern programming languages
- Experience designing and reviewing RESTful APIs and API-first architectures using specifications such as OpenAPI or Swagger
- Knowledge of Zero Trust architectures, Identity and Access Management (IAM), authentication, authorization, and privileged access management concepts
- Experience integrating security controls and automated security testing into CI/CD pipelines
- Practical understanding of modern cryptographic principles and secure data protection strategies
- Experience applying AI, automation, and modern engineering tools to enhance security effectiveness and productivity, with exposure to AI, SaaS, and API security
- Demonstrated interest in mentoring engineers, driving innovation, and improving engineering outcomes through secure-by-design practices
Benefits
- Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse.
- Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs.
Company Overview