Key skills
AWSAzureClojureCloudDistributed SystemsDockerElixirHaskellJavaJavaScriptKubernetesMicroservicesRustSpringSpring BootSpringBootGoCAIMLClaudeAnalyticsTDDBDDIAMOAuthSAMLSwaggerOpenAPIRESTfulGitGitHubSaaSAgileCI/CDLeadershipStrategic PlanningOWASPZero Trust
About this role
Role Overview
- Serve as a trusted consultant to engineering teams and organizations, guiding secure platform design and implementation across diverse product domains
- Communicate clearly and effectively ensuring business and engineering needs are met
- Foster effective collaborative sessions with teams from different disciplines and leadership levels
- Embed secure-by-design principles and deep threat modeling practices into the development lifecycle, ensuring security is foundational—not bolted on
- Define and communicate Allstate’s security posture clearly to technical and business leadership, enabling informed decision-making
- Lead the ideation and implementation of innovative security controls that challenge the status quo and elevate Allstate’s embedded security maturity
- Drive forward engineering practices that adapt to evolving technologies, enabling scalable, resilient, and efficient platforms
- Mentor engineers and platform consultants in systems thinking, reusable design, and outcome-based delivery
- Influence cross-functional teams through Discovery & Framing sessions, architectural reviews, and strategic planning
- Promote and enforce architectural standards, simplification, and reuse across the enterprise
- Actively participate in agile ceremonies and foster a culture of continuous learning and iterative delivery
Requirements
- A minimum of 5 years software engineering experience in at least 3 programming paradigms to include:
- Object-oriented (Java & Javascript required and at least one other language)
- Procedural / systems (e.g. Go, Rust, C)
- Functional (e.g. F#, Elixir, Clojure, Haskell) and experience using modern development tools (e.g., IntelliJ or VS Code, Git/GitHub, Spring Boot) and designing robust RESTful APIs
- A minimum of 3 years hands on expertise in architecting and delivering large scale distributed systems, such as cloud native microservices on Docker/Kubernetes, deployed on modern cloud platforms (AWS, Azure, or equivalent), ensuring scalability, high availability, and performance
- Demonstrated success as a high impact technical advisor to multiple engineering teams, with proven ability to influence architecture direction and mentor engineers in best practices with proven leadership responsibilities.
- Expert level knowledge of Agile/XP and DevOps methodologies, including paired programming, test driven development (TDD), and CI/CD automation, with a track record of using these practices to accelerate delivery and improve quality
- In-depth knowledge of industry security frameworks and web/API security standards e.g., OWASP Top 10, MITRE ATT&CK, OAuth 2.0, OpenID Connect, SAML – to guide secure design and development practices
- Deep expertise in security architecture and secure-by-design practices, including advanced threat modeling, robust identity and access management (IAM) strategies, and Zero Trust architectures with a proven ability to embed these controls at all stages of the development lifecycle
- Technical proficiency with AI tools such as running local models, developing MCP servers, using AI powered development tools like cursor/copilot/claude code/codex/etc to help drive your work more efficiently and test for effective model deployment strategies
- Demonstrated expertise in API-first design and specification-driven development (e.g., OpenAPI, Swagger), enabling scalable, discoverable, and reusable services. Proven ability to shape developer experience and accelerate delivery through contract-first approaches, while laying the foundation for AI-assisted development and automated API governance
- Deep understanding of modern cryptographic principles and protocols (e.g., AES, TLS, Argon2, elliptic curve cryptography), with the ability to evaluate, implement, and advise on secure data protection strategies.
- Skilled in applying cryptographic techniques to strengthen trust boundaries, safeguard sensitive data, and ensure compliance with enterprise and regulatory security standards
- Experience with advanced development and testing practices, such as behavior-driven development (BDD) and integrating automated security checks into CI/CD pipelines
- Familiarity with emerging technologies (e.g., AI/ML, knowledge graph solutions, advanced analytics) and their application to improve developer velocity, platform reliability, and security capabilities
- Exposure to specialized security domains like AI Security, SaaS Security, and API Security, with an understanding of the unique challenges and tools in these areas.
Tech Stack
- AWS
- Azure
- Clojure
- Cloud
- Distributed Systems
- Docker
- Elixir
- Haskell
- Java
- JavaScript
- Kubernetes
- Microservices
- Rust
- Spring
- Spring Boot
- SpringBoot
- Go
Benefits
- A generous, flexible benefits package including annual leave, healthcare and dental cover, pension, and lifestyle discounts
- Access to world-class learning platforms and award-winning L&D
- Clear career paths, internal mobility, and a strong focus on growth
- A people-first culture with flexible working options