At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

Remote role available.

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company over 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care. We make a positive difference in our communities. Nationally, thousands have benefited from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.

What’s the role?

As a Lead Security Engineer, your job is to partner with both the business and engineering organizations to assist them with information protection, cybersecurity, and privacy-related risks. This includes helping them navigate the various risk and cybersecurity assessment processes, prioritizing and establishing plans to address findings, generating threat models, and providing hands-on coaching and/or treatment of risks in different stages of the development lifecycle.

As a Lead Security Engineer, you will report into the Security Engineering function and act as a liaison for the Enterprise Information Security and Cybersecurity (EIRC) department. Your role will be that of an embedded team member of a set portfolio of applications. You will be on a team with other risk engineers and will have the accountability to lead and direct others and deliver strategic efforts to improve the overall effectiveness of the team.

Must Haves:

Candidate will have a strong appreciation for and skill in partnering with leaders as well as developers, the ability to understand and follow risk management processes, practices and documentation needs, the ability to balance risk issues with business priorities to drive mutually agreeable timelines for remediation, and a strong technical understanding of cloud and application vulnerabilities.

Proven ability to deliver strategic priorities, lead others, and identify and improve processes to maintain a high level of competency, efficiency and effectiveness. Certifications may include CRISC, CCSP, CISSP, CEH, or equivalent. 7 or more years of experience preferred.

Technical skills:

  • Amazon Web Services (AWS) Cloud

  • Microservice / Micro-architectures

  • Experience with automation tools or coding/scripting (i.e. Ansible, Terraform, Python, Java/JavaScript, PowerShell)

  • Architecture Diagrams / Data Flow Diagrams / Threat Models

  • Application Security – SAST, DAST, Continuous Delivery / Continuous Integration assuring security and compliance

  • Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)

  • NIST, OWASP, security maturity frameworks (i.e. OpenSAMM, BSIMM), secure software development lifecycle, cyber security regulations, GRC tools

Bring Your Best! What this role needs:

  • Strong leadership skills enabling open communication, trust, transparency and collaboration

  • Proven results in delivery and process improvement

  • Automation mindset, with an ability to identify manual processes that can be made more efficient and repeatable and to assist development teams in applying automation patterns

  • Continuously improve by collecting and responding to feedback and metrics

  • Proactively learn emerging platforms and related technology

  • Ability to independently solve complex technical and security issues and enable/teach others

  • Can move quickly. Everyone here is incredibly kind and extremely willing to share knowledge and lend a helping hand, but you have to be willing to take ownership of the outlined goals and make things happen

Your general milestones are the following:

  • Within the first two (2) weeks, be able to jump head-first into getting to know the business and engineering teams, with the goal of understanding what their business priorities are, how they work and function as a team (to best integrate security tasks), and what applications / systems they manage and support.

  • Within one (1) month, be able to independently understand the highest-risk applications in their space, the status of the applications' Authorization to Operate, and when the last penetration testing assessment was completed, and have a comprehensive list of outstanding findings, process improvements and other risk management concerns.

  • Within two (2) months, have a solid understanding of the various risk management processes, how to engage in them and what documentation is required to complete them. At this time, the individual will be fully engaged in those processes and helping teams complete all necessary activities. Develop a partnership with technical resources and developers.

  • Within four (4) months, understand the entire space from an information protection and cybersecurity perspective; be a point person if the area has questions or concerns; be engaged early in the process when new efforts (large or complex development changes or vendors) are underway; and lead information protection and cybersecurity efforts through completion.

  • Within five (5) months, demonstrate sustainability of assessments, findings, vulnerabilities through various dashboards and metrics. Lead the creation or modification of control patterns to help other areas manage risks in a consistent and repeatable manner.

  • Within six months, earn additional AWS or Security Equivalent certification if desired / needed. Growth opportunities exist in application security – getting hands-on in code reviews and fixing infrastructure, container and application-related vulnerabilities. Additionally, there is growth in Penetration Testing – looking at the area's applications and continually performing dynamic application testing to identify weaknesses and insufficient controls.


  • Whip-smart team that is very friendly and always willing to lend a hand.

  • Tons of room for career growth. Risk Engineering team is growing rapidly.

  • Highly competitive salary

  • Amazing Benefits


This job is not covered by the existing Collective Bargaining Agreement.

Required Certifications:

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now! 

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.