Senior Security Engineer

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

What’s the role?

As a Senior Security Engineer, under the mentorship of a Security Engineering Leader, you will partner with both the Business and Engineering organizations to assist them with information protection, cybersecurity, and privacy-related risks. This includes helping them navigate the various risk and cybersecurity assessment processes, prioritize and establish plans to address findings, generate threat models, mitigate security vulnerabilities, and participate in risk treatment conversations at various stages of the development lifecycle.

Your general landmarks in this role:

  • Within the first two (2) weeks, jump head-first into getting to know the business and engineering teams, with the goal of understanding what their business priorities are and how they work and function as a team, so you can best integrate security tasks and identify the applications / systems they lead and support.
  • Within one (1) month, understand the highest-risk applications in their space, the status of each application’s Authorization to Operate, and when the last penetration testing assessment was completed, and have a comprehensive list of outstanding findings, security vulnerabilities and other risk management concerns.
  • Within two (2) months, have a solid grasp of the various risk management processes, how to engage in them and what documentation is required to complete them. Be fully engaged in those processes and help teams finish all vital activities.
  • Within four (4) months, understand the entire space from an information protection and cybersecurity perspective and be a point person if the area has questions or concerns. Engage early in the process when new efforts (large development changes or vendor evaluations) are underway, lead efforts through completion, and identify opportunities for automation and build solutions for them.
  • Within five (5) months, demonstrate sustainability of assessments, findings and vulnerabilities through various dashboards and metrics. Begin work on crafting control patterns to help other areas handle risks in a consistent and repeatable manner.
  • Within six (6) months, earn additional AWS or Security Equivalent certification if desired / needed. Growth opportunities exist in application security – getting hands-on in code reviews, fixing infrastructure, container and application related vulnerabilities and securing CI/CD pipelines. Growth opportunities also exist in Penetration Testing – looking at the applications and continually performing static and dynamic application testing to identify weaknesses and broken controls.

Bring Your Best! What this role needs:

  • 5-7+ years of experience in cybersecurity and/or risk management preferred
  • Strong appreciation for and skill in partnering with leaders as well as developers, and the ability to understand and follow risk management processes, practices and documentation needs
  • Ability to balance risk issues with business priorities to drive mutually agreeable timelines for remediation, and deep technical understanding of cloud, application security tools and application vulnerabilities
  • Demonstrated results in delivery and process improvement
  • Automation mentality, with an ability to identify manual processes that can be made more efficient and repeatable and to assist development teams in applying automation patterns
  • Continuously improve by collecting and responding to feedback and metrics
  • Proactively learn emerging platforms and related technology
  • Tackle sophisticated technical and security issues and enable/teach others
  • Move quickly. Everyone here is uncommonly kind and very willing to share knowledge and a helping hand, but you have to be willing to take ownership of the outlined goals and make things happen
  • Certifications may include (CRISC, CCSP, CISSP, CEH, or equivalent)

Technical skills:

  • Amazon Web Services (AWS) Cloud
  • Microservice / Micro-architectures
  • Experience with automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, PowerShell)
  • Architecture Diagrams / Data Flow Diagrams / Threat Models
  • Application Security – SAST, DAST, Continuous Delivery / Continuous Integration assuring security and compliance
  • Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)
  • Familiarity with NIST, OWASP, security maturity frameworks (e.g. OpenSAMM, BSIMM), secure software development lifecycle, cybersecurity regulations, GRC tools

Benefits:

  • Whip-smart team that is very friendly and always willing to lend a hand
  • Tons of room for career growth, coaching and mentoring
  • Highly competitive salary
  • Outstanding Benefits

This role is available for remote work.

This job is not covered by the existing Collective Bargaining Agreement.

Required Certifications:

Grow your career with a best-in-class company that puts our clients’ interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.