At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Your role in the team
For this opportunity, the business is flexible to hire at Sr Consultant II, Lead Consultant, and Expert level depending on experience & interview evaluation.
Product Security Engineering designs, builds, and operates enterprise security capabilities that integrate directly into cloud platforms, software development lifecycles, and enterprise engineering practices. The organisation applies modern engineering approaches to embed security early in the development process, enabling teams to deliver secure, resilient, and scalable technology solutions.
The Threat Modeling - Platform Consultant is a senior security consultant responsible for driving the adoption of secure-by-design principles across enterprise technology platforms through the application of advanced threat modeling practices.
The role focuses on embedding threat modeling into both new and existing applications, influencing architectural decisions, improving security posture, and guiding engineering organizations through complex security challenges. Working across Product Security, Engineering, Security Operations, and Architecture teams, the consultant helps ensure security is treated as a foundational element of platform design rather than a downstream activity.
Key responsibilities:
-
Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
-
Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
-
Embed secure-by-design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
-
Define, communicate, and influence platform security strategies and architectural decisions with both technical and non-technical stakeholders
-
Partner with engineering, architecture, and security teams to develop risk-based security recommendations that balance security, business objectives, and developer experience
-
Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
-
Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
-
Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives
Essential Skills:
-
All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.
-
Minimum of 3 years' experience in software engineering, security engineering, solutions architecture, technical project management, solution design, or platform engineering roles within complex enterprise environments.
-
Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
-
Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
-
Demonstrated experience identifying, documenting, and mitigating security threats within cloud-native, distributed, API-driven, or enterprise applications
-
Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
Desirable Skills:
-
Working knowledge of industry security frameworks and standards including OWASP Top 10, MITRE ATT&CK, NIST Cybersecurity Framework, OAuth 2.0, OpenID Connect, and SAML
-
Experience supporting Security Operations, Incident Response, SOC, or breach modeling activities
-
Strong software engineering background with experience in Java, JavaScript, Python, Go, Rust, or other modern programming languages
-
Experience designing and reviewing RESTful APIs and API-first architectures using specifications such as OpenAPI or Swagger
-
Experience integrating security controls and automated security testing into CI/CD pipelines
-
Experience applying AI, automation, and modern engineering tools to enhance security effectiveness and productivity, with exposure to AI, SaaS, and API security.
-
Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations
Supervisory Responsibilities:
This role does not have direct people management responsibilities but is expected to provide technical leadership, mentorship, and strategic guidance across engineering and security teams.
Posting End Date: Sunday 19th July 2026 {11.59pm}
Skills
Agile Methodology, Automated Testing, CI/CD, Compliance, People Management, Technology Platforms
Why join us?
Allstate NI is proud to be Allstate’s European Digital Centre of Excellence, a hub for innovation and engineering excellence. We’re recent winners of Best Place to Work in IT (100+ employees) and Best Use of Cloud Services at the Belfast Telegraph IT Awards, and we’ve been recognised for our community and sustainability impact with Platinum in the Northern Ireland Environmental Benchmarking Survey.
We’re a product-driven, cloud-first organisation delivering real outcomes through modern technology, a digital product-centric talent model, and a culture rooted in engineering excellence. Our teams work in cross-functional structures, guided by an outcome-based delivery approach that accelerates speed, agility, and value.
We also invest in you. At Allstate NI, your career growth matters. You’ll have access to our Continuous Learning Hub, designed to support skills development and professional advancement through tailored learning paths, certifications, and mentoring opportunities. Whether you’re deepening technical expertise or exploring leadership roles, we provide the tools and support to help you thrive.
As well as receiving a competitive annual salary, our reward package includes:
-
Corporate bonus scheme
-
Pension scheme
-
Annual performance-related pay reviews
-
Life assurance and income protection
-
Flexible working options
-
Hybrid working
-
Private medical and dental insurance
-
Access to an employee assistance programme
-
Discounted gym membership
-
Two paid volunteering days each year
-
Cycle to work scheme
Be part of a high-performing, socially responsible organisation where your work has purpose, and your growth is supported every step of the way.