Role Description This role offers the chance to shape and protect the security posture of a fast-moving, technology-driven organization. You will lead initiatives to secure software, infrastructure, and systems while collaborating closely with engineering, product, and IT teams. Your work will directly influence how teams build and deploy software safely, ensuring both compliance and resilience against emerging threats. This position balances hands-on technical work with strategic planning, including threat detection, vulnerability management, and automation of security processes. You will help cultivate a culture of security-minded developers while contributing to the design and implementation of scalable security solutions. The role is fully remote but includes opportunities for collaboration through in-person gatherings and cross-functional projects. - Establish secure software development standards and integrate security best practices into the engineering workflow - Build frictionless processes for teams to safely develop, deploy, and maintain software - Conduct security assessments of systems, applications, and services to identify risks and ensure compliance - Triage threats and vulnerabilities, driving timely remediation and resolution - Collaborate with stakeholders to promote a culture of security-conscious engineering - Assess third-party vendors to verify their security posture and compliance - Develop automation and tooling to detect, prevent, and mitigate active security threats - Document and conduct post-incident reviews, implementing lessons learned to enhance defenses Qualifications - 5+ years of experience in security engineering, software engineering, or related fields - Proficiency in multiple programming languages such as Go, Python, Clojure, or JavaScript - Strong understanding of application and cloud security best practices - Experience scaling cloud infrastructure security and working with high-performing software engineering teams - Ability to quickly understand complex systems and architectures - Skilled in prioritizing security initiatives using a risk-based approach - Excellent collaboration, communication, and stakeholder management abilities - Experience working cross-functionally to implement impactful security improvements Benefits - Competitive base salary range: $189,200–$240,000, depending on location and experience, plus equity opportunities - Full health coverage including medical, dental, and vision - Remote-first work environment with support for necessary home office tools - Opportunities for professional growth and innovation in a fast-paced technology environment - Flexible work arrangements and regular in-person team gatherings for collaboration and team building - Wellness stipends and additional perks to support work-life balance

• Implement and Manage Cloud Security Controls: Apply cloud security best practices across corporate and cloud environments (preferably Microsoft Azure) to monitor, maintain, and continuously improve enterprise security posture. • Framework Alignment & Compliance: Ensure alignment with industry-standard security frameworks and regulatory requirements (e.g., ISO/IEC 27001, NIST, HIPAA, SOC 2, AICPA Trust Services Criteria). • Data Governance & Compliance Tools: Design, deploy, and maintain Microsoft Purview features including data cataloging, classification, lineage, and compliance policies. • Identity and Access Management: Administer and optimize identity management and access control systems, including Microsoft Entra ID (Azure AD), to ensure secure authentication and authorization. • Incident Response: Support the development, execution, and continuous improvement of incident response procedures, including active participation during security incidents. • Policy/Standard/Procedure Development: Create, update, and enforce security policies, standards, and procedures aligned with organizational goals and compliance requirements. • Security Architecture Collaboration: Work closely with IT and architecture teams to embed security controls into system and application design. • Security Tooling & Technology Evaluation: Research, recommend, and assist in the implementation of modern security technologies and solutions to enhance defenses. • Network and Protocol Security: Leverage knowledge of networking fundamentals and security protocols to ensure proper segmentation, encryption, and protection of corporate assets. • Application Security Participation: Support application security initiatives including secure development practices, vulnerability management, and remediation workflows. • Cloud Defense Platforms: Administer Microsoft Defender for Cloud and other cloud-native security tools to detect and respond to threats. • Additional Responsibilities: Perform other security-related tasks and initiatives as required in support of evolving organizational needs and technology initiatives.

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. Job Description The Physical Security Consultant I is an intermediately experienced professional responsible for the support and administration of physical security systems and equipment across the Allstate enterprise, to include, but not limited to access control, CCTV/video recording systems, alarm and intelligence monitoring, and communication systems. Key Responsibilities - Provide guidance and deliver ongoing training and support to contract security badging staff, and site security and contacts - Develop, and maintain operational and compliance reports to support business objectives - Conduct regular audits of badging operations to ensure accuracy and compliance - Coordinate with local government agencies to meet permitting and regulatory requirements - Identify, clarify, and resolve complex issues within the physical security administration team - Influence and collaborate effectively with diverse stakeholders, recognizing varying needs and motivations - Communicate clearly and professionally across multiple internal levels - Demonstrate proficiency with Windows operating systems and Microsoft Office applications - Experience with data visualization tools such as Power BI and Tableau preferred - Experience with administration of Access Control, Network Video and Visitor Management systems - Ability to track progress across teams and positively influence adherence to timelines - Effective communicator with the ability to deliver concise briefings to management Knowledge/Skills/Abilities/Experience - 3-5 years of progressive experience in a physical security systems integration or security technology/administrator role - Strong technical, analytical and problem solving skills - Knowledge of and strong aptitude for physical security systems, applications and equipment/hardware - Knowledge of networking, database architecture, reporting, personal computers, Windows, MS Office, and internet - Strong written and oral communication skills - Ability to drive business and security solutioning discussions and influence outcomes - Influencer with ability to multi-task, problem solve and lead cross-functional team initiatives - Ability to travel is required Skills Badging, Business, Collaborating, Communication, Compliance, Data Visualization Tools, Government Agencies, Security System Integration, Security Technologies, Surveillance Systems Compensation Compensation offered for this role is 53,500.00 - 84,625.00 annually and is based on experience and qualifications. The candidate(s) offered this position will be required to submit to a background investigation. Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact. Allstate generally does not sponsor individuals for employment-based visas for this position. Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component. For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance. For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance. To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs. To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint. It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Baker, Donelson, Bearman, Caldwell, & Berkowitz, PC is seeking a Security Engineer focused on Cloud and Application Security to join our Security team. This role partners closely with IT and Development teams to define, implement, and monitor application and cloud security standards. The ideal candidate will have a deep understanding of cloud infrastructure, application development pipelines, and security best practices. This position is fully remote (within our US office footprint) and reports directly to the Security team. Essential Responsibilities - Collaborate with IT, DevOps, and Business Development teams to establish and maintain application security standards, secure development lifecycles, and baseline security requirements. - Monitor cloud environments for security posture and recommend improvements. - Conduct security assessments and reviews of cloud architecture and application configurations to identify risks and recommend solutions. - Define and document security requirements for application deployments, CI/CD pipelines, and infrastructure-as-code templates. - Advise on secure design principles and help teams interpret security requirements within software delivery workflows. - Stay current with cloud security trends, vulnerabilities, and best practices and translate them into actionable guidance. - Support incident response investigations and remediation planning related to cloud and application security. - Participate in and contribute to strategic planning initiatives - Contribute to security operations functions Qualifications Required - 5+ years of experience in cloud security, application security, or cybersecurity engineering. - Deep knowledge of cloud platforms and cloud security technologies. - Working knowledge of common programming languages (e.g., C#, JavaScript/TypeScript, SQL) sufficient to review security‑relevant application logic and identify typical implementation weaknesses. - Hands‑on experience with DevSecOps tooling including SAST, SCA, or DAST solutions to enable lightweight security validation within CI/CD pipelines. - Familiarity with Azure application security capabilities, such as enforcing HTTPS‑only configurations, leveraging private endpoints, and applying identity‑based access patterns to support secure deployment practices - Experience collaborating with developers and infrastructure engineers. - Familiarity with threat modeling, risk assessment methodologies, and security controls. - Excellent communication skills and ability to explain security concepts to technical and non-technical audiences. Preferred - Security certifications (e.g., CISSP, CCSP, CSSLP, CKS). - Knowledge of compliance frameworks (e.g., SOC 2, ISO 27001). - Familiarity with cloud monitoring and security tooling (CSPM, SIEM, IAM tools, etc.). The salary range for this position is $120,000 - $150,000. Must provide minimum authorization to work in the United States. Resumes only accepted for job posted. Thank you for submitting your resume. After our hiring committee has had a chance to review all candidates for this position, we will reach out to only those that will be moving on to the next step in our recruiting process. We appreciate your interest in the position and will contact you if further action is necessary.