Level 3 Incident Response Analyst - National General

Job in Elgin, Kane County, Illinois, 60122, USA
Listing for: Allstate Insurance
Full Time position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 100,000 USD yearly
Job Description & How to Apply Below

National General is a part of The Allstate Corporation, which means we have the same innovative drive that keeps us a step ahead of our customers' evolving needs. We offer home, auto and accident and health insurance, as well as other specialty niche insurance products, through a large network of independent insurance agents, as well as directly to consumers.

Job Description

We’re seeking an experienced and adaptable Cybersecurity professional with a strong background in incident response to join our team. The Level 3 Incident Response Analyst role is designed for someone who thrives in complex investigations, leads containment and remediation efforts, and enjoys mentoring junior analysts as they advance their technical capabilities. You will play a key role in shaping detection strategies, identifying root causes, and translating findings into actionable improvements.

This is a high‑impact, hands‑on role well suited for someone deeply passionate about incident response and continuous improvement.

Key Responsibilities
  • Lead end‑to‑end incident response activities from triage through closure.
  • Manage high‑severity threats from start to finish, ensuring all actions are thoroughly completed.
  • Partner with engineering teams to improve detection rules and integrate tooling that enhances security capabilities.
  • Facilitate incident response retrospectives and surface operational gaps and improvement opportunities.
  • Mentor SOC analysts and serve as a subject‑matter expert for complex security challenges.
  • Help refine and maintain SOC workflows to ensure clarity, efficiency, and ongoing maturation.
  • Analyze large volumes of security telemetry to identify patterns, build custom queries, and uncover hidden threats.
  • Develop application‑specific detection rules and response procedures with system and application owners.
  • Coordinate evidence collection and produce documentation for both technical and non‑technical audiences.
  • Contribute to the development of operational and executive reporting.
  • Create and prioritize backlogs that drive desired business outcomes by incorporating insights and improvement actions identified during incident response retrospectives.
  • Maintain active communication with teammates and cross‑functional partners to strengthen overall response capability.
Required Qualifications
  • 7+ years of hands‑on Cybersecurity experience, including 5+ years in Incident Response and/or Digital Forensics.
  • Strong background in Incident Response, Incident Handling, and Security Operations.
  • Extensive knowledge of the Windows and Linux operating systems and associated applications (IIS, SQL, Apache, etc.).
  • Strong knowledge of cloud computing services including Azure, GCP, & AWS.
  • Proficiency with EDR/XDR platforms (CrowdStrike, SentinelOne, Microsoft XDR).
  • Experience using SIEM platforms (Splunk, Microsoft Sentinel, Elastic, Chronicle).
  • Experience administering Next‑Generation firewalls (Cisco ASA, Palo Alto).
  • Practical knowledge of MITRE ATT&CK and common threat‑actor TTPs.
  • PCAP and network‑traffic analysis skills using Wireshark or Zeek.
  • Scripting familiarity (Python, PowerShell, Bash).
  • Excellent written and verbal communication skills.
Preferred Qualifications
  • Experience with cloud‑native security monitoring and incident response (AWS, Azure, GCP).
  • SIEM detection rule development or tuning experience.
  • Experience in large enterprise or multicloud environments.
  • Certifications such as GCFA, GCIH, CISSP, SC-200, AZ-500, SC-100, or equivalent.
  • Familiarity with NIST 800-61, MITRE D3FEND, ISO 27001, HIPAA, PCI-DSS.
  • Experience with Outcome‑Based Delivery and Agile methodologies.
  • Experience with generative and agentic AI.
Skills

Analytical Thinking, Cybersecurity, Digital Forensics, Endpoint Detection and Response (EDR), Information Technology (IT) Risk Management, Log Analysis, Risk Mitigation Strategies, Risk Reporting, Scripting, Security Incident Response, Security Information and Event Management (SIEM), Security Operations, Technical Reporting, Threat and Vulnerability Management, Threat Detection

Compensation

Compensation offered for this role is $100, annually and is based on experience and qualifications.

Joining our team isn’t just a job -…
