Cybersecurity Architect

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. 

Job Description

Allstate’s Enterprise Cybersecurity Platform Consulting Team evaluates solutions relative to the broader enterprise security architecture and strategic direction. We thoughtfully craft and iterate paths towards strategic solutions that emphasize simplification and reuse while driving enterprise level informed decision-making to create optimal paths to value. Engineering excellence, outcome based iterative delivery, strategic design / systems thinking, along with impact and influence are key success factors in our toolkits to be both efficient and effective as we mature our practice.
As a Cybersecurity Architect (specialization Zero Trust Security Architecture) you will:
1. Drive outcome-based delivery leadership to mature our cybersecurity platforms and services.
2. Develop formal enterprise-level strategies and authoritative documentation.
3. Drive decision clarity when addressing complex cross-functional challenges (for key design decisions, cyber risk and return decisions, and GRC issues).
This new role on our team will be responsible for helping to design a comprehensive enterprise security architecture based on "Zero Trust" principles, which means never implicitly trusting any device, user, or network, requiring continuous verification before granting access to critical systems and data. Key responsibilities include assessing existing roadmaps, identifying maturity gaps, helping to select appropriate Zero Trust technologies, and defining policies to enforce strict access controls across our entire IT environment.

Key Responsibilities

Architecture Design:

• Help refine and expand our Zero Trust security architecture blueprint, defining how to segment networks, implement granular access controls, and continuously monitor user activity across different platforms.

• Define security policies and standards aligned with Zero Trust principles, including least privilege access, multi-factor authentication, and strong identity management.

• Provide experience in architecting Zero Trust solutions, roadmaps, and capabilities in alignment with industry standards, including NIST SP 800-207 (ZTA), SP 1800-35 (Implementing ZTA), SP 800-63 (digital identity guidelines) along with Microsoft guidance for the CISA Zero Trust Maturity Model.

Influence Engineering team’s implementations and deployments:

• Consult with various technical SMEs as they deploy Zero Trust security controls across the IT infrastructure, including on-premises and our public cloud environments.

• Align with various stakeholders on their roadmaps of various security tools to enforce Zero Trust policies, such as granular access controls, real-time threat analysis, and continuous monitoring.

• Consult with network engineers that will implement network segmentation strategies to isolate critical systems and data.

Security Assessment and Cyber Risk Management:

• Provide thought leadership for our security assessments to identify vulnerabilities and potential threats within the Zero Trust architecture.

• Partner with response teams that analyze security incidents and breaches to refine Zero Trust policies and improve overall security posture.

• Provide thought leadership on how to monitor compliance with relevant security regulations and industry standards related to Zero Trust principles.

Collaboration and Communication:

• Collaborate with IT and Information Security teams across the organization to integrate Zero Trust security capabilities/controls into existing systems and applications.

• Communicate Zero Trust security strategies and policies to key stakeholders, including executive management, senior management, and technical teams.

• Champion Zero Trust concepts and best practices across our architecture domains of Identity, Endpoints, Data, Applications, Infrastructure, Networking, and Security Operations.

Key Skills & Qualifications

• 8+ years of experience desired in governance, risk management, compliance, designing, and/or engineering enterprise IT and cybersecurity solutions, and architecture design and solutions.

• BS in Computer Science, Engineering, Software Development, Information Technology, Cybersecurity, or related field. Additional years of experience and cyber certifications may be considered in lieu of degree.

• At least two or more of the following certifications:

  • Certified Information Systems Security Professional (CISSP)

  • Certified Cloud Security Professional (CCSP)

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Auditor (CISA)

  • Information Systems Security Architecture Professional (ISSAP)

  • AWS Certified Solutions Architect Associate or Professional

  • AWS Certified Security - Specialty Certification

  • Microsoft Certified Cybersecurity Architect Expert

  • Microsoft Certified Azure Solutions Architect Expert

  • Microsoft Certified Identity and Access Administrator Associate

  • Zscaler Zero Trust Certified Associate (ZTCA)

  • Cloud Security Alliance Certificate of Competence in Zero Trust (CCZT)

  • GIAC Defensible Security Architecture (GDSA)

  • SABSA Chartered Security Architect

• Excellent analytical and problem-solving skills. Ability to communicate complex security concepts to non-technical stakeholders.

• Deep understanding of Zero Trust security principles and best practices

• Expertise in network security architectures, including segmentation and micro-segmentation.

• Strong knowledge of Identity and Access Management (IAM) systems, including single sign-on (SSO), multi-factor authentication (MFA), identity governance, and privileged access – specifically migrating from a CyberArk PAM (Privileged Access Management) to a Microsoft PIM (Privileged Identity Management) strategy for “Just In Time — Just Enough Access” (JIT-JEA) PoLP architecture to further reduce our attack surface on standing elevated privileges.

• Broad knowledge of cloud security concepts and technologies (especially AWS and Azure).

• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines, microservices architecture and container security (e.g., Kubernetes, Docker), API security, application-level segmentation, and secure containerization techniques.

Skills

Cloud Security, Cybersecurity, DevSecOps, Identity Access Management (IAM), IT Governance Risk and Compliance (GRC), Network Security Architecture, Problem Solving, Security Architecture Design, Technical Leadership, Zero Trust Architecture

Compensation

Compensation offered for this role is $112,000.00 - 196,750.00 annually and is based on experience and qualifications.

The candidate(s) offered this position will be required to submit to a background investigation.

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. And one where you can impact the future for the greater good.  

You’ll do all this in a flexible environment that embraces connection and belonging. And with the recognition of several inclusivity and diversity awards, we’ve proven that Allstate empowers everyone to lead, drive change and give back where they work and live. 

Good Hands. Greater Together.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs

To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.