Job DescriptionExposure Intelligence - CTEM Service ConsultantBusiness Title: Lead Consultant- Threat & Incident Response
Overall Scope: Team and overall work scope - The team operates within a newly established Exposure Management function in the broader cybersecurity organization, focused on modernizing how the enterprise identifies, prioritizes, and mitigates security vulnerabilities shifting from traditional patch approaches to a more strategic focus on true business risk and exploitability
- Individual Contributor/ Lead Consultant roles are designed to bring in deep domain expertise (network, endpoint, cloud, identity, infrastructure, etc.) to bridge the gap between security insights and practical remediation strategies
- The CTEM Consultant of Platform & Exposure Operations is responsible for operating and scaling the Continuous Threat Exposure Management (CTEM) capability across the enterprise.
- This role owns the integrations, data pipelines, user experience, and reporting layer that enable exposure visibility and prioritization.
- The service consultant ensures exposure data is accurate, correlated, and actionable, enabling teams to reduce real-world risk through effective dashboards, workflows, and system integrations.
What's exciting about this role: Own and scale the CTEM platform that powers Exposure Management, managing configurations, data ingestion and integrations, and ensuring dashboards, RBAC, and workflows are accurate and actionable, while leveraging AI-enabled correlation to deliver high-confidence exposure intelligence at enterprise scale.
Ideal Candidate:- Experienced platform or security tooling engineer with a background in managing security platforms, integrations, and data pipelines.
- Has hands-on experience with ingestion, normalization, dashboards, RBAC, and automation and can translate raw data into accurate, actionable exposure intelligence at scale.
- Experience with Zafran or Nagomi or another CTEM Tool is a big plus.
Success Measures- High-quality data coverage and accuracy across CTEM inputs.
- Increased adoption and usability of CTEM dashboards across teams.
- Improved signal-to-noise ratio in exposure prioritization.
- Reduction in manual effort through automation and integration.
- Measurable improvement in risk visibility and reporting consistency.
Key Responsibilities- CTEM Platform Ownership- Own and manage CTEM platforms and supporting tooling (e.g., exposure management, vulnerability correlation, attack path tools).
- Maintain platform health, configuration, and access controls.
- Manage user onboarding, permissions, and adoption across security and engineering teams.
- Design, build, and maintain integrations across
- Vulnerability management tools
- EDR/XDR platforms
- Cloud/security platforms (AWS, Azure, Entra, etc.)
- Application and asset inventories
- Ensure data ingestion, normalization, and correlation across sources.
- Identify and resolve data quality gaps, duplication, and enrichment issues.
- Aggregate and correlate security findings into meaningful exposure insights.
- Maintain logic that supports exploitability-based prioritization.
- Continuously improve signal quality and reduce noise.
- Design and maintain CTEM dashboards and reporting views for different audiences:
- Executive (risk + trends)
- Engineering (actionable fixes)
- Security (coverage + effectiveness)
- Ensure reporting reflects:
- Real exposure (attack paths)
- Risk reduction progress
- SLA/MTTR performance
- Partner with leadership (CISO, service managers) to align reporting with KPIs.
- Build and optimize workflows that connect CTEM insights to remediation execution.
- Automate prioritization, ticket creation, and tracking where possible.
- Reduce manual effort in exposure triage and reporting.
- Serve as the bridge between CTEM data and execution teams (VM, AppSec, DFIR, Cloud Security).
- Enable teams to consume CTEM intelligence effectively through dashboards and integrations.
- Drive adoption and proper usage of CTEM capabilities.
Required Qualifications- 3+ years in security engineering, exposure management, vulnerability management, or platform engineering.
- Experience integrating security tools and working with APIs/data pipelines.
- Strong understanding of how security data translates into risk and prioritization.
Preferred Qualifications- Experience with CTEM platforms (e.g., Zafran, Nagomi, Pantera, etc.).
- Background in data engineering, automation, or scripting (Python, APIs).
- Familiarity with vulnerability management, asset inventory, and identity data.
- Experience building dashboards (Power BI, Tableau, or platform-native).
SkillsCyber Incident Response, Exposure Management, IT Security Operations, Python Automation, Root Cause Analysis (RCA), Threat Assessment, Threat Monitoring
CompensationCompensation offered for this role is 100,000.00 - 170,500.00 annually and is based on experience and qualifications.
Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse. Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs.
When working from home, you must have a dedicated, private workspace free from distractions, along with appropriate desk and seating. Reliable internet is required, with minimum speeds of 50 MB download and 5 MB upload.