Skip to content

Senior DevSecOps Engineer - Vulnerability Management

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

Summary:

Northwestern Mutual is looking for an enthusiastic DevSecOps - Vulnerability Management who is looking to grow their career with our Supervisory Organization Enterprise Information Risk & Cybersecurity team! In this position, you will be an integral part of the DevSecOps team, partnering with teams across cybersecurity, infrastructure & cloud services, and application teams. We play a meaningful role maturing Northwestern Mutual's Vulnerability Management program.

Responsibilities:

  • Engineer solutions with a focus on automation to reduce manual/repetitive tasks

  • Design, implement, and maintain procedures, processes, and methodologies that support DevSecOps capabilities

  • Lead day-to-day support of DevSecOps capabilities integrated into our software development lifecycle including SAST, DAST, SCA, RASP, CSPM, and infrastructure vulnerability scanners

  • Actively supervise, assess and recommend tactical and critical initiatives based on new and emerging threats posing risk to our company

  • Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry standard methodologies

  • Lead remediation efforts after security assessment findings outline weaknesses requiring attention

  • Mentor other staff members to ensure consistency, quality and efficiency of work you're doing

Required Skills:

  • Proficiency with development and scripting languages (Python, JavaScript)

  • Knowledgeable about secure architecture, engineering and design principles

  • Excellent analytical, critical thinking, and troubleshooting skills

  • Self-directed individual contributor

  • Knowledgeable of vulnerability management catalogs and scoring systems (CVE, CISA Known Exploited Vulnerabilities, CVSS)

Preferred Skills and Experience:

  • Bachelor’s or equivalent experience

  • 2-5+ years experience in development, infrastructure, and/or cybersecurity

  • Understanding of applicable risk management frameworks from NIST (Cyber Security Framework)

  • Experience in development of applications through automated deployment and orchestration services, such as GitLab, Ansible or Kubernetes

  • Understanding of a wide-range of cybersecurity capabilities including application security, security engineering, identify & access management, incident response, logging & monitoring, and penetration testing

  • Relevant certifications from GIAC, ISC(2) and associated technology partners

#LI-Post

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!

W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.