Level 3 Incident Response Analyst

Allstate•McCullom Lake, IL

11d•$100,000 - $160,000

About The Position

We’re seeking an experienced and adaptable Cybersecurity professional with a strong background in incident response to join our team. The Level 3 Incident Response Analyst role is designed for someone who thrives in complex investigations, leads containment and remediation efforts, and enjoys mentoring junior analysts as they advance their technical capabilities. You will play a key role in shaping detection strategies, identifying root causes, and translating findings into actionable improvements. This is a high impact, hands on role well suited for someone deeply passionate about incident response and continuous improvement.

Requirements

7+ years of hands‑on Cybersecurity experience, including 5+ years in Incident Response and/or Digital Forensics.
Strong background in Incident Response, Incident Handling, and Security Operations.
Extensive knowledge of the Windows and Linux operating systems and associated applications (IIS, SQL, Apache, etc)
Strong knowledge of cloud computing services including Azure, GCP, & AWS.
Proficiency with EDR/XDR platforms (CrowdStrike, SentinelOne, Microsoft XDR).
Experience using SIEM platforms (Splunk, Microsoft Sentinel, Elastic, Chronicle).
Experience administering Next Generation firewalls(Cisco ASA, Palo Alto,
Practical knowledge of MITRE ATT&CK and common threat‑actor TTPs.
PCAP and network‑traffic analysis skills using Wireshark or Zeek.
Scripting familiarity (Python, PowerShell, Bash).
Excellent written and verbal communication skills.

Nice To Haves

Experience with cloud‑native security monitoring and incident response (AWS, Azure, GCP).
SIEM detection rule development or tuning experience.
Experience in large enterprise or multi-cloud environments.
Certifications such as GCFA, GCIH, CISSP, SC‑200, AZ‑500, SC-100, or equivalent.
Familiarity with NIST 800‑61, MITRE D3FEND, ISO 27001, HIPAA, PCI‑DSS.
Experience with Outcome‑Based Delivery and Agile methodologies.
Experience with generative and agentic AI.

Responsibilities

Lead end‑to‑end incident response activities from triage through closure.
Manage high‑severity threats from start to finish, ensuring all actions are thoroughly completed.
Partner with engineering teams to improve detection rules and integrate tooling that enhances security capabilities.
Facilitate incident response retrospectives and surface operational gaps and improvement opportunities.
Mentor SOC analysts and serve as a subject‑matter expert for complex security challenges.
Help refine and maintain SOC workflows to ensure clarity, efficiency, and ongoing maturation.
Analyze large volumes of security telemetry to identify patterns, build custom queries, and uncover hidden threats.
Develop application‑specific detection rules and response procedures with system and application owners.
Coordinate evidence collection and produce documentation for both technical and non-technical audiences.
Contribute to the development of operational and executive reporting.
Create and prioritize backlogs that drive desired business outcomes by incorporating insights and improvement actions identified during incident response retrospectives.
Maintain active communication with teammates and cross‑functional partners to strengthen overall response capability.