Level 3 Incident Response Analyst

National General is a part of The Allstate Corporation, which means we have the same innovative drive that keeps us a step ahead of our customers’ evolving needs. We offer home, auto and accident and health insurance, as well as other specialty niche insurance products, through a large network of independent insurance agents, as well as directly to consumers. 

Job Description

We’re seeking an experienced and adaptable Cybersecurity professional with a strong background in incident response to join our team. The Level 3 Incident Response Analyst role is designed for someone who thrives in complex investigations, leads containment and remediation efforts, and enjoys mentoring junior analysts as they advance their technical capabilities.
You will play a key role in shaping detection strategies, identifying root causes, and translating findings into actionable improvements. This is a high impact, hands on role well suited for someone deeply passionate about incident response and continuous improvement.

Key Responsibilities

• Lead end‑to‑end incident response activities from triage through closure.

• Manage high‑severity threats from start to finish, ensuring all actions are thoroughly completed.

• Partner with engineering teams to improve detection rules and integrate tooling that enhances security capabilities.

• Facilitate incident response retrospectives and surface operational gaps and improvement opportunities.

• Mentor SOC analysts and serve as a subject‑matter expert for complex security challenges.

• Help refine and maintain SOC workflows to ensure clarity, efficiency, and ongoing maturation.

• Analyze large volumes of security telemetry to identify patterns, build custom queries, and uncover hidden threats.

• Develop application‑specific detection rules and response procedures with system and application owners.

• Coordinate evidence collection and produce documentation for both technical and non‑technical audiences.

• Contribute to the development of operational and executive reporting.

• Create and prioritize backlogs that drive desired business outcomes by incorporating insights and improvement actions identified during incident response retrospectives.

• Maintain active communication with teammates and cross‑functional partners to strengthen overall response capability.

Required Qualifications

• 7+ years of hands‑on Cybersecurity experience, including 5+ years in Incident Response and/or Digital Forensics.

• Strong background in Incident Response, Incident Handling, and Security Operations.

• Extensive knowledge of the Windows and Linux operating systems and associated applications (IIS, SQL, Apache, etc)

• Strong knowledge of cloud computing services including Azure, GCP, & AWS.

• Proficiency with EDR/XDR platforms (CrowdStrike, SentinelOne, Microsoft XDR).

• Experience using SIEM platforms (Splunk, Microsoft Sentinel, Elastic, Chronicle).

• Experience administering Next Generation firewalls(Cisco ASA, Palo Alto,

• Practical knowledge of MITRE ATT&CK and common threat‑actor TTPs.

• PCAP and network‑traffic analysis skills using Wireshark or Zeek.

• Scripting familiarity (Python, PowerShell, Bash).

• Excellent written and verbal communication skills.

Preferred Qualifications

• Experience with cloud‑native security monitoring and incident response (AWS, Azure, GCP).

• SIEM detection rule development or tuning experience.

• Experience in large enterprise or multi‑cloud environments.

• Certifications such as GCFA, GCIH, CISSP, SC‑200, AZ‑500, SC-100,  or equivalent.

• Familiarity with NIST 800‑61, MITRE D3FEND, ISO 27001, HIPAA, PCI‑DSS.

• Experience with Outcome‑Based Delivery and Agile methodologies.

• Experience with generative and agentic AI.

#LI-JJ1

 

Skills

Analytical Thinking, Cybersecurity, Digital Forensics, Endpoint Detection and Response (EDR), Information Technology (IT) Risk Management, Log Analysis, Risk Mitigation Strategies, Risk Reporting, Scripting, Security Incident Response, Security Information and Event Management (SIEM), Security Operations, Technical Reporting, Threat and Vulnerability Management, Threat Detection

Compensation

Compensation offered for this role is $100,000 – 160,000 annually and is based on experience and qualifications.
 

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.

To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

National General Holdings Corp., a member of the Allstate family of companies, is headquartered in New York City. National General traces its roots to 1939, has a financial strength rating of A– (excellent) from A.M. Best, and provides personal and commercial automobile, homeowners, umbrella, recreational vehicle, motorcycle, supplemental health, and other niche insurance products. We are a specialty personal lines insurance holding company. Through our subsidiaries, we provide a variety of insurance products, including personal and commercial automobile, homeowners, umbrella, recreational vehicle, supplemental health, lender-placed and other niche insurance products.

Companies & Partners

Direct General Auto & Life, Personal Express Insurance, Century-National Insurance, ABC Insurance Agencies, NatGen Preferred, NatGen Premier, Seattle Specialty, National General Lender Services, ARS, RAC Insurance Partners, Mountain Valley Indemnity, New Jersey Skylands, Adirondack Insurance Exchange, VelaPoint, Quotit, HealthCompare, AHCP, NHIC, Healthcare Solutions Team, North Star Marketing, Euro Accident.

Benefits

National General Holdings Corp. is an Equal Opportunity (EO) employer – Veterans/Disabled and other protected categories. All qualified applicants will receive consideration for employment regardless of any characteristic protected by law. Candidates must possess authorization to work in the United States, as it is not our practice to sponsor individuals for work visas. In the event you need assistance or accommodation in completing your online application, please contact NGIC main office by phone at (336) 435-2000.