
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

What’s the role?
As a Senior Security Engineer, partner with both the Business and Software Engineering organizations to assist them with information protection, cybersecurity, and privacy-related risks. Help them navigate the various risk and cybersecurity assessment processes, prioritize and establish plans to address findings, generate threat models, mitigate security vulnerabilities and participate in risk treatment conversations at different stages of the development lifecycle.

  • Provide ongoing assessment and monitoring of security controls for an assigned portfolio of applications, maintaining compliance with policies, standards, and regulations to maintain a secure state in the production environment
  • Provide domain expertise for the information risk management program including evaluating vendor security, cloud platform security, application security (e.g. SAST, DAST), cybersecurity regulations, advising on purchase recommendations and consulting on risk treatment options to ensure effective risk management within organizational risk tolerance
  • Partner with business and engineering teams to understand business priorities, articulate risk and treatment options, complete threat models, coordinate penetration tests, facilitate the remediation of security findings and integrate security into the systems development lifecycle
  • Monitor and consult on treatment of higher-risk application vulnerabilities, ensuring an ongoing strong security posture
  • Operate and improve processes, metrics and reporting, leveraging experience with automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, PowerShell, PowerBI)
  • Establish a continual learning plan to stay ahead of technology, the latest security threats, vulnerabilities and secure coding practices
  • Bring strong familiarity with NIST, OWASP and security maturity frameworks (e.g. OpenSAMM, BSIMM), secure software development lifecycle, cybersecurity regulations and GRC tools
  • Provide monitoring and response to key performance metrics and reporting to effectively address changes in security priorities

Our tech stack:

  • Amazon Web Services (AWS) Cloud
  • Microservice / Micro-architectures
  • Automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, PowerShell)
  • Architecture Diagrams / Data Flow Diagrams / Threat Models
  • Application Security – SAST, DAST, Continuous Delivery / Continuous Integrations
  • Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)
  • NIST, OWASP, security maturity frameworks (e.g. OpenSAMM, BSIMM), secure software development lifecycle, cybersecurity regulations, GRC tools

Bring Your Best! What this role needs:

In this senior-level role, bring a strong appreciation for and skill in partnering with leaders as well as developers, the ability to understand and follow risk management processes, practices and documentation needs, and the ability to balance risk issues with business priorities to drive mutually agreeable timelines for remediation.

  • Bachelor’s degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS, Cybersecurity or related field
  • 5-7 years of professional experience in information technology, specifically software development, risk and security controls assessments or audit, with demonstrated knowledge in technology and software engineering
  • Experience with coding/scripting with Java/JavaScript, PowerShell, Python, Ansible, Terraform
  • Flexibility to adjust to changing business needs by effectively managing and prioritizing concurrent assignments through effective time management, prioritization, and follow-through
  • Ability to identify and independently resolve critical issues
  • Ability to develop and use relationships to effectively influence and negotiate with internal and external partners
  • Excellent written and verbal communication skills focused on articulating risk and security concepts in both technical and business terms
  • One or more advanced risk or security certifications (e.g. CISSP, CCSP, CEH, CRISC, CISA, CISM) or willingness to achieve within first year

Benefits:

  • Whip-smart team that is very friendly and always willing to lend a hand
  • Tons of room for career growth, learning and development
  • Highly competitive salary
  • Amazing Benefits


Grow your career with a best-in-class company that puts our clients’ interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.