Platform Consultant - Threat Modeling
Listed on 2026-07-16
-
IT/Tech
Cybersecurity, IT Consultant, Systems Engineer
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
For this opportunity, the business is flexible to hire at Sr Consultant, Lead Consultant, and Expert level depending on qualifications & interview evaluation.
Product Security Engineering designs, builds, and operates enterprise security capabilities that integrate directly into cloud platforms, software development life cycles, and enterprise engineering practices. The organization applies modern engineering approaches to embed security early in the development process, enabling teams to deliver secure, resilient, and scalable technology solutions.
The Platform Consultant – Threat Modeling is a senior security consultant responsible for driving the adoption of secure-by-design principles across enterprise technology platforms through the application of advanced threat modeling practices.
The role focuses on embedding threat modeling into both new and existing applications, influencing architectural decisions, improving security posture, and guiding engineering organizations through complex security challenges. Working across Product Security, Engineering, Security Operations, and Architecture teams, the consultant helps ensure security is treated as a foundational element of platform design rather than a downstream activity.
Key Responsibilities- Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
- Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
- Embed secure‑by‑design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
- Define, communicate, and influence platform security strategies and architectural decisions with both technical and non‑technical stakeholders
- Partner with engineering, architecture, and security teams to develop risk‑based security recommendations that balance security, business objectives, and developer experience
- Drive the adoption of modern engineering and security practices, including reusable security patterns, architectural standards, and secure development frameworks
- Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
- Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
- Mentor engineers and technical leaders on systems thinking, threat identification, security architecture principles, and secure design methodologies
- Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives
- 3+ years’ experience in software engineering, security engineering, solution architecture, technical project management, or platform engineering roles within complex enterprise environments
- Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
- Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
- Demonstrated experience identifying, documenting, and mitigating security threats within cloud‑native, distributed, API‑driven, or enterprise applications
- Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
- Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations
- Working…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).