Senior Security Engineer

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

• We provide ongoing assessment and monitoring of security controls for an assigned portfolio of applications maintaining compliance with policies, standards, and regulations to maintain a secure state in the production environment
• Provide domain expertise for the information risk management program including evaluating vendor security, cloud platform security, application security (i.e. SAST, DAST), cybersecurity regulations, advising on purchase recommendations and consulting on risk treatment options to ensure effective risk management within organizational risk tolerance
• Partner with business and engineering teams to understand business priorities, articulate risk and treatment options, complete threat models, coordinate penetration tests, facilitate the remediation of security findings and integrate security into the systems development lifecycle
• Monitor and consult on treatment of higher-risk application vulnerabilities ensuring an ongoing strong security posture
• Operate and improve processes, metrics and reporting leveraging experience with automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, Powershell, PowerBI)
• Establish a continual learning plan to stay ahead of technology, the latest security threats, vulnerabilities and secure coding practices
• Bring strong familiarity with NIST, OWASP and security maturity frameworks (i.e. OpenSAMM, BSIMM) secure software development lifecycle, cybersecurity regulations and GRC tools
• Provide monitoring and response to key performance metrics and reporting to effectively address changes in security priorities

• Amazon Web Services (AWS) Cloud
• Microservice / Micro-architectures
• Automation tools or coding/scripting (i.e. Ansible, Terraform, Python, Java/JavaScript, PowerShell)
• Architecture Diagrams / Data Flow Diagrams / Threat Models
• Application Security - SAST, DAST, Continuous Delivery / Continuous Integrations
• Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)
• NIST, OWASP, security maturity frameworks (i.e. OpenSAMM, BSIMM), secure software development lifecycle, cybersecurity regulations, GRC tools

• Bachelor's degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS, Cybersecurity or related field
• 5-7 years of professional experience in information technology, specifically software development, risk and security controls assessments or audit with demonstrated knowledge in technology and software engineering
• Experience with coding/scripting with Java/JavaScript, PowerShell, Python, Ansible, Terraform
• Flexibility to adjust to changing business needs by effectively managing and prioritizing concurrent assignments through effective time management, prioritization, and follow-through
• Ability to identify and independently resolve critical issues
• Ability to develop and use relationships to effectively influence and negotiate with internal and external partners
• Excellent written and verbal communication skills focused on articulating risk and security concepts in both technical and business terms
• One or more advanced risk or security certifications (e.g. CISSP, CCSP, CEH, CRISC, CISA, CISM) or willingness to achieve within first year

• Whip-smart team that is very friendly and always willing to lend a hand
• Tons of room for career growth, learning and development
• Highly competitive salary
• Amazing Benefits