
Lead Cybersecurity Engineer – Incident Command - Threat Detection and Response

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual!

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative, and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their careers, and in turn, our business.

This is a hybrid position. It will require 3 days (M, T, and W) onsite at our downtown MKE location.

What's the job?

Primary Duties & Responsibilities:

  • Operate in an incident command role for all major cybersecurity incidents across teams, including cyber-threats, insider risk, and third party. 

  • Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress. 

  • Be responsible for tracking the execution of playbooks, remediation actions, and lessons learned stemming from cybersecurity incidents. 

  • Understand the portfolio of technologies used in threat detection and response, with an eye toward identifying automation opportunities so staff can focus on more advanced tasks. 

  • Maintain the documentation and governance processes for multiple teams, ensuring all teams’ work meets quality standards. 

  • Develop and maintain KPIs and scorecards for operational effectiveness. 

  • Work with SIEM/SOAR teams to implement automation and detections to improve the organization’s cyber-defense posture. 

  • Work within the cross-functional purple team to help plan and coordinate purple team activities. 

  • Product/Team Lead: Accountable for independently, and/or in coordination with team management, setting the vision and direction for the team’s work – and influencing work at the department level – as well as assisting in the management of team members’ work allocation and time.


Hands-on experience: 

  • Coordinating large-scale, long-duration incidents with multiple business, regulatory, third-party, and technical stakeholders. 

  • Skilled communicator, able to brief executive leadership and adapt materials quickly to answer new questions or provide information to a new audience. 

  • Preparing reports, slide decks, and other communications materials. 

  • Working within a defined GRC system, ensuring controls are documented and successfully tested. 

  • Working with BI, SIEM, and ticketing systems. 

General knowledge: 

  • Familiarity with MITRE ATT&CK framework, understanding various techniques & tactics used by threat actors, and how those activities are detected. 

  • Familiarity with regulatory frameworks in cybersecurity and privacy. 

  • Relationship building 

  • SOC / Incident Response investigative skills, such as digital forensics, memory analysis, malware reverse engineering or threat hunting.   

  • Experience in scripted IT operations by way of Systems Administration, Software Development, DevOps, or Site Reliability Engineering.   

  • Strong problem-solving, ability to analyze, design, develop, deploy, and support solutions. 

Preferred Qualifications:

  • 5-7 years working in security operations roles. 

  • Experience operating in a 24x7 environment. 

  • Degree with an emphasis in Cybersecurity, Computer Science, Computer Engineering, Software Engineering, MIS, or a related field 

  • Background in information technology with an emphasis on network or systems administration.  

  • Hold or willingness to obtain certifications such as GCIH, GCFE, GCFA, GDAT, CISSP, or other relevant security certifications.   

Our Benefits!

  • Tons of room for career growth.

  • We offer highly competitive compensation, including annual bonus opportunities

  • Medical/Dental/Vision plans, 401(k), pension program

  • We provide tuition reimbursement, PTO, and Holiday Pay

  • We provide extensive Professional Training Opportunities

  • We offer an excellent Work/Life Balance


Compensation Range:

Pay Range - Start:


Pay Range - End:


Northwestern Mutual pays on a geographic-specific salary structure and placement in the salary range for this position will be determined by a number of factors including the skills, education, training, credentials and experience of the candidate; the scope, complexity as well as the cost of labor in the market; and other conditions of employment. At Northwestern Mutual, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. Please note that the salary range listed in the posting is the standard pay structure. Positions in certain locations (such as California) may provide an increase on the standard pay structure based on the location. Please click here for additional information relating to location-based pay structures.

Grow your career with a best-in-class company that puts our clients’ interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in California, Colorado, New York City, Washington or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.