Platform Consultant - Threat Modeling

Allstate Insurance Company

$90K — $195K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years of experience in software engineering, security engineering, solution architecture, or related roles in complex environments.
  • Experience as a technical advisor or consultant for engineering teams during design and implementation activities.
  • Strong understanding of threat modeling methodologies and risk assessment frameworks.
  • Proven ability to identify and mitigate security threats in cloud-native and enterprise applications.
  • Familiar with cloud platforms like AWS, Azure, or GCP, with regards to security considerations.

Responsibilities

  • Guide engineering teams on secure architecture and platform design.
  • Lead threat modeling engagements to find and address security risks early in development.
  • Incorporate secure-by-design principles in the software delivery process.
  • Communicate security strategies and influence architectural decisions for various stakeholders.
  • Collaborate with teams to develop risk-based security recommendations balancing security and business needs.
  • Encourage modern engineering practices, including reusable security patterns and secure development frameworks.
  • Enhance threat detection and security resilience through collaboration with security teams.

Benefits

  • Comprehensive technology setup including laptop, monitors, and accessories.
  • Monthly reimbursement for home internet costs for remote workers.
  • Flexible work arrangements allowed, supporting remote work.
  • Opportunities for professional growth through mentoring and technical leadership.
Full Job Description
Job Description
**For this opportunity, the business is flexible to hire at Sr Consultant, Lead Consultant, and Expert level depending on qualifications & interview evaluation.**

Product Security Engineering designs, builds, and operates enterprise security capabilities that integrate directly into cloud platforms, software development lifecycles, and enterprise engineering practices. The organization applies modern engineering approaches to embed security early in the development process, enabling teams to deliver secure, resilient, and scalable technology solutions.

The Platform Consultant - Threat Modeling is a senior security consultant responsible for driving the adoption of secure-by-design principles across enterprise technology platforms through the application of advanced threat modeling practices.

The role focuses on embedding threat modeling into both new and existing applications, influencing architectural decisions, improving security posture, and guiding engineering organizations through complex security challenges. Working across Product Security, Engineering, Security Operations, and Architecture teams, the consultant helps ensure security is treated as a foundational element of platform design rather than a downstream activity.

Key Responsibilities

  • Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
  • Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
  • Embed secure-by-design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
  • Define, communicate, and influence platform security strategies and architectural decisions with both technical and non-technical stakeholders
  • Partner with engineering, architecture, and security teams to develop risk-based security recommendations that balance security, business objectives, and developer experience
  • Drive the adoption of modern engineering and security practices, including reusable security patterns, architectural standards, and secure development frameworks
  • Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
  • Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
  • Mentor engineers and technical leaders on systems thinking, threat identification, security architecture principles, and secure design methodologies
  • Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives


Essential Skills

  • 3+years' experience in software engineering, security engineering, solution architecture, technical project management, or platform engineering roles within complex enterprise environments
  • Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
  • Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
  • Demonstrated experience identifying, documenting, and mitigating security threats within cloud-native, distributed, API-driven, or enterprise applications
  • Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
  • Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations


Desirable Skills

  • Working knowledge of industry security frameworks and standards including OWASP Top 10, MITRE ATT&CK, NIST Cybersecurity Framework, OAuth 2.0, OpenID Connect, and SAML
  • Experience supporting Security Operations, Incident Response, SOC, or breach modeling activities
  • Strong software engineering background with experience in Java, JavaScript, Python, Go, Rust, or other modern programming languages
  • Experience designing and reviewing RESTful APIs and API-first architectures using specifications such as OpenAPI or Swagger
  • Knowledge of Zero Trust architectures, Identity and Access Management (IAM), authentication, authorization, and privileged access management concepts
  • Experience integrating security controls and automated security testing into CI/CD pipelines
  • Practical understanding of modern cryptographic principles and secure data protection strategies
  • Experience applying AI, automation, and modern engineering tools to enhance security effectiveness and productivity, with exposure to AI, SaaS, and API security
  • Demonstrated interest in mentoring engineers, driving innovation, and improving engineering outcomes through secure-by-design practices


Supervisory Responsibilities

  • This role does not have direct people management responsibilities but is expected to provide technical leadership, mentorship, and strategic guidance across engineering and security teams.


#LI-JJ1

Skills
Agile Methodology, Application Programming Interface (API) Security, CI/CD, Cloud Platform, Cybersecurity Risk Assessment, Platform Management, Platform Security, Security Engineering, Software Engineering, Solution Architecture, Technical Consulting, Technical Project Management, Threat Modeling

Compensation
Compensation offered for this role ranges from $90,700 - 195,700 annually and is based on experience and qualifications.

Allstate provides a comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse. Employees eligible to work from home also receive a monthly connectivity reimbursement to help offset internet costs.

When working from home, you must have a dedicated, private workspace free from distractions, along with appropriate desk and seating. Reliable internet is required, with minimum speeds of 50 MB download and 5 MB upload.

Similar Jobs

More Jobs at Allstate Insurance Company

More Information Technology Jobs

Find similar Platform Consultant - Threat Modeling jobs: