At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
Allstate Information Security (AIS) is advancing its embedded security product strategy by launching three new engineering teams dedicated to building security controls seamlessly integrated into Allstate’s technology ecosystem.
The Security Engineering Senior Manager will be the direct leader responsible for the day-to-day development, implementation, and support of security controls across multiple product security engineering teams, working with global stakeholders. This position requires a strong, well-rounded technical leader who can quickly learn the overall business and technology processes supported by the teams, and who is eager to grow skills within the security engineering landscape, including secure software development, cloud security, application security, and modern DevSecOps practices. The role demands hands-on expertise in security engineering, along with solid integration and compliance knowledge.
This senior leader will be expected to build relationships throughout the organization to ensure whole-company alignment and support for their goals, and vice-versa. This individual architects and designs secure digital products using modern tools, technologies, frameworks, and systems. This role applies a systematic application of scientific and technological knowledge, methods, and experience to the design, implementation, testing, and documentation of secure software. This leader owns and manages running their applications in production and is accountable for the success of their digital products through achieving KPIs, including security metrics.
Key Responsibilities
- Frequently advise others on complex security engineering matters.
- Build foundation to translate security strategy into challenging and meaningful goals.
- Manage teams responsible for strategic and critical security architecture or provide functions that are of key strategic value to the business.
- Act as an authority in secure software best practices and propagate these throughout the broader organization, beyond their individual team.
- Display expertise in viewing the organization as a whole, especially in terms of risk and security posture.
- Leverage and influence key stakeholders to drive adoption of security controls and practices.
Specific to Security Engineering Responsibilities:
- Designing, implementing, and productizing security controls to address complex business and technology challenges.
- Working directly with business and technical teams to assess and provide security technology support.
- Understanding multiple end-to-end business and technology processes, with a focus on security risks and mitigations.
- Displaying deep knowledge of technical details, integration, and functions of security tools and platforms (e.g., IAM, SIEM, vulnerability management, cloud security).
- Evaluating potential system enhancements and upgrades, influencing the security product roadmap.
- Identifying and implementing process improvements and product simplification opportunities, especially in security operations.
- Providing technical or functional leadership for team members in security engineering.
- Ensuring industry and technology best practices are followed for secure development and operations.
Job Qualifications
- 10+ years of experience preferred in security engineering, with at least 3 years in a technical leadership or managerial role.
- Deep understanding of secure software development, vulnerability management, cloud security, application security, and modern security engineering practices.
- Experience with secure software configuration and development, including secure APIs, authentication/authorization, encryption, and threat modeling.
- Experience working with modern security frameworks, tools, and methodologies (e.g., DevSecOps, CI/CD security, cloud-native security).
- Deep understanding of technology best practices in areas of secure development and compliance.
- Experience in Test Driven Development (TDD), Agile SCRUM methodologies, and secure SDLC.
- Excellent problem-solving skills and a passion for continuous learning in security.
- Strong team player with well-developed verbal, written, and interpersonal communication skills.
- Dedicated, self-directed, motivated, proactive, and inquisitive.
#LI-JJ1
Skills
Application Security, CI/CD, Cloud Native Security, DevSecOps, Secure Software Development, Security Engineering, Team Leadership, Technical Leadership, Technical Problem-Solving, Test Driven Development (TDD)
Compensation
Compensation offered for this role is $151,700 – 206,000 annually and is based on experience and qualifications.
The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.