At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
**For this opportunity, the business is flexible to hire at Sr Consultant, Lead Consultant, and Expert level depending on qualifications & interview evaluation.**Product Security Engineering designs, builds, and operates enterprise security capabilities that integrate directly into cloud platforms, software development lifecycles, and enterprise engineering practices. The organization applies modern engineering approaches to embed security early in the development process, enabling teams to deliver secure, resilient, and scalable technology solutions.
The Platform Consultant – Threat Modeling is a senior security consultant responsible for driving the adoption of secure-by-design principles across enterprise technology platforms through the application of advanced threat modeling practices.
The role focuses on embedding threat modeling into both new and existing applications, influencing architectural decisions, improving security posture, and guiding engineering organizations through complex security challenges. Working across Product Security, Engineering, Security Operations, and Architecture teams, the consultant helps ensure security is treated as a foundational element of platform design rather than a downstream activity.
Key Responsibilities
Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
Embed secure-by-design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
Define, communicate, and influence platform security strategies and architectural decisions with both technical and non-technical stakeholders
Partner with engineering, architecture, and security teams to develop risk-based security recommendations that balance security, business objectives, and developer experience
Drive the adoption of modern engineering and security practices, including reusable security patterns, architectural standards, and secure development frameworks
Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
Mentor engineers and technical leaders on systems thinking, threat identification, security architecture principles, and secure design methodologies
Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives
Essential Skills
3+ years' experience in software engineering, security engineering, solution architecture, technical project management, or platform engineering roles within complex enterprise environments
Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
Demonstrated experience identifying, documenting, and mitigating security threats within cloud-native, distributed, API-driven, or enterprise applications
Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations
Desirable Skills
Working knowledge of industry security frameworks and standards including OWASP Top 10, MITRE ATT&CK, NIST Cybersecurity Framework, OAuth 2.0, OpenID Connect, and SAML
Experience supporting Security Operations, Incident Response, SOC, or breach modeling activities
Strong software engineering background with experience in Java, JavaScript, Python, Go, Rust, or other modern programming languages
Experience designing and reviewing RESTful APIs and API-first architectures using specifications such as OpenAPI or Swagger
Knowledge of Zero Trust architectures, Identity and Access Management (IAM), authentication, authorization, and privileged access management concepts
Experience integrating security controls and automated security testing into CI/CD pipelines
Practical understanding of modern cryptographic principles and secure data protection strategies
Experience applying AI, automation, and modern engineering tools to enhance security effectiveness and productivity, with exposure to AI, SaaS, and API security
Demonstrated interest in mentoring engineers, driving innovation, and improving engineering outcomes through secure-by-design practices
Supervisory Responsibilities
This role does not have direct people management responsibilities but is expected to provide technical leadership, mentorship, and strategic guidance across engineering and security teams.
#LI-JJ1
Skills
Agile Methodology, Application Programming Interface (API) Security, CI/CD, Cloud Platform, Cybersecurity Risk Assessment, Platform Management, Platform Security, Security Engineering, Software Engineering, Solution Architecture, Technical Consulting, Technical Project Management, Threat ModelingCompensation
Compensation offered for this role ranges from $90,700 – 195,700 annually and is based on experience and qualifications.The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse. Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs.
When working from home, you must have a dedicated, private workspace free from distractions, along with appropriate desk and seating. Reliable internet is required, with minimum speeds of 50 MB download and 5 MB upload.