Cyber Threat Hunter

Date Opened: Mar 30, 2021

Location: Belfast, GB; Strabane, GB; Derry/Londonderry, GB

Company: Allstate Insurance Company

About Us


At Allstate Northern Ireland, we believe it’s more than just a job.  We believe in allowing our people to choose the direction of their careers.  It’s about you, your future and where you want to get to.


Opportunity is the hallmark of the Allstate career experience.  We invest heavily in our employees, offering long term career development, personal growth and investment in new technologies.  Every day is different, with new ideas, challenges, and rewards — no matter which team you join.


We believe that inclusive diversity is crucial to creating a culture of mutual respect where the strengths and talents of each individual are recognised.  We like to leave things better than we found them and deliver results.  We do all of this while having fun and exploring personal passions.


Allstate operate a very flexible hybrid working model with a blend of remote and office working for NI-based employees.  Employees based in GB will be employed on a permanent remote working contract.


Join our team and you’ll find challenge and reward in a culture of innovation, support and balance.





Belfast / Derry / Londonderry / Strabane



Your role in the team


The Allstate Information Security (AIS) department is responsible for managing cyber security at Allstate.  This includes Governance/Risk/Compliance, Access Management, Network Security, and Threat Response Services.  The department is responsible for ensuring confidentiality, integrity, and availability of Allstate systems.


We are seeking a number of experienced Threat Hunters to perform intelligence-driven network defense supporting the monitoring and incident response capabilities.  The role will involve analysis of large amounts of data from vendors and internal sources, including various indicator feeds, Splunk, and several threat intelligence tools, etc.  The successful candidate will perform the functions of threat hunting, serve as a liaison for Threat Services for the Security Operations Center (SOC), and mentor the incident handling and forensics teams.


  • Design and run custom analysis models on security event information to discover active threats
  • Identify (hunt for) security nuances and abnormalities in the environment
  • Develop use cases and actionable content to identify security variants that are currently not alerted within the environment
  • Custom tool design to assist in analysis and investigations
  • Perform as an Information Security Resource in two of the following areas:
    • Threat Intelligence
    • Incident Response
    • Log analysis (statistical modeling, correlation, pattern recognition, etc.)
    • Microsoft platform (Server, workstation, applications)
    • Open Systems platforms (Linux, UNIX, VMware ESX)
    • Web Application
    • Networking (firewalls, IDS/IPS, packet capture)
    • Databases (Oracle, SQL Server, DB2, IMS)
    • SIEM
    • Reverse Engineering / Malware analysis
  • Collaborate and support teammates with regard to threat hunting techniques
  • Communication/rapport with other divisions and various peers
  • Capable of identifying need & driving solutions, and providing guidance, in an autonomous manner



So, what are the essential criteria to apply?


  • All candidates must evidence an existing right to work in the UK
  • 4+ years overall technical experience in either threat hunting, threat intelligence, incident response, security operations, or related information security field
  • Bachelor’s or Master’s degree in Engineering, Computer Science, or related field; or equivalent experience
  • Strong understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.
  • Strong experience or knowledge of security operations tools within at least 2 of the following areas:
    • SIEM (e.g. Splunk, ArcSight)
    • Network analysis (e.g. NetWitness, Palo Alto)
    • Signature development/management (e.g. Splunk rules, Snort rules, YARA rules)
    • Endpoint detection and response (EDR) solutions (e.g. CrowdStrike, Tanium)
  • Broad experience with various common security infrastructure tools (NIDS, HIPS, EDR, etc.)



We also have some desirable criteria


  • Excellent analytical and problem-solving skills, a passion for research and puzzle-solving
  • Strong communication (oral, written, presentation), interpersonal and consultative skills
  • Deep understanding of large, complex corporate network environments
  • Knowledge or experience in penetration testing, ethical hacking, exploit writing, and/or vulnerability management
  • Knowledge or experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
  • Scripting experience related to system administration and security operations (Python, Bash, PowerShell, Perl, C/C++)
  • Recent experience with malware analysis and reverse engineering
  • Strong organization and documentation skills
  • Obtained certifications in several of the following: SANS GIAC courses, CEH, CISSP, OSCP, or tool-specific certifications



What we offer


As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.


Allstate invests heavily in your development. As an employee, you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.


We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.


We encourage a better work-life balance and you’ll have the opportunity to apply for various flexible working arrangements.



Closing Date:  Tuesday 13th April 2021



Statement on Fair Employment and Equal Opportunities


Allstate NI wishes to ensure equal opportunity is given to all job applicants.  This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.


We are an equal opportunities employer.  We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women.  All appointments will be made on merit.


Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.