Skip to content

DevSecOps Security Engineer

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

At Northwestern Mutual, we embrace cutting-edge technologies to enable our business to grow at an unprecedented rate and are looking for great people to help drive this transformation. We seek talented engineers with a desire to build Northwestern Mutual's future through modern software applications.

The purpose of this role is to (1) Serve as a security engineer with a high level of autonomy to design and deliver enterprise-grade security solutions to create a secure AWS cloud-based posture using AWS, Gitlab-CI, Kubernetes, Docker, Windows, Alpine, CentOS, NodeJS, and Typescript. (2) create an integrated partnership between risk management areas and project teams, (3) embed risk-driven culture and decision making within agile teams and (4) assure that NM is actively identifying and effectively responding to new and evolving risks encountered by the teams at agile speed and scale.

Essential Duties for Role:

  • Proficient in at least one programming language (NodeJS/Typescript/JavaScript preferred)

  • Ability to identify key strengths and weaknesses relating to Kubernetes, Containerization, Docker, Ansible/Terraform (Desired State Configuration)

  • Be able to perform security engineering reviews, regulatory reviews, and vendor engagement reviews

  • Be able to diagnose and communicate security short comings to developers and standard owners

  • Be willing and able to adapt to new security trends by learning and incorporating new security technology into existing systems

  • Educate team on risks that need to be addressed as part of design efforts

  • Ensure control effectiveness by monitoring risk profiles and implemented controls

  • Document changes to architecture and security implications

  • Maintain current asset inventory and product risk profile for products in their area

  • Act as a central point of contact to ensure requirements are implemented properly

Desired Skills and Experience:

  • Familiar with OWASP Top 10 and mitigation strategies

  • Familiar with common regulations (CCPA, HIPAA, NYDFS)

  • Proven technical ability with wide range of application development experience including Infrastructure, DevOps, Test, and Software Engineering (Full Stack)

  • Able to produce high level other diagrams for application security understanding

Additional Skills as a Plus:

  • Existing Certifications or willingness to obtain AWS Certified Developer/Architect

  • Existing Certifications or willingness to obtain Risk Certifications a plus (CCSP, CSSLP, CRISC, Security+)

Our Culture:

  • Empowered Engineers

  • Technical Curiosity

  • Casul, Challenging, and Collaborative Environment

  • Outstanding Products

  • Hackathons / Dedication to Innovation

  • Conferences and Meetups

  • Work-Life Balance

  • Free Lunch

Benefits:

  • Tuition reimbursement, commuter plans, and paid time off.

  • Highly competitive compensation that includes base salary plus bonus.

  • Medical/Dental/Vision plans, 401(k), pension program, and more!

#LI-POST

This job is not covered by the existing Collective Bargaining Agreement.

Required Certifications:

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now! 

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.