Principal Financial Group
Sr Information Security Engineer
Principal Financial Group, Des Moines, Iowa, United States, 50319
What You'll Do
We're looking for a Senior Info Security Engineer to join our Information Security and Risk team. In this role, you'll serve as a liaison between Principal's Retirement and Income Solutions (RIS) business and the Corporate Information Security team.
RIS has many distinct business units each with unique products, services, vendors, customers and regulators. This is a fast-paced team combating real-world problems including exposure to all aspects of security (ex. incident management, customer security inquiries, regulations, audit, access control, data loss prevention, secure software, and more).
You'll have the opportunity to:
- Focus on the DevOps Secure team to influence and implement upon information security related strategies
- Provide research and analysis related to application vulnerability resolution, resolving OWASP top 10 static analysis findings
- Partner on architecture risk assessments, acceptations to security policy and work with engineering teams to remediate acceptations, build remediation plans
- Participate in pair programming and/or be able to handle complex tasks with limited direction
- Learn or bolster existing information security knowledge. Opportunities for pursuing information security certifications are available and recommended
- Participate and collaborate in various forums (like daily huddle and architecture risk assessments) identifying concerns (risks) and/or insights
- Perform research gathering, collaboration, and/or support efforts for security events/incidents

Operating at the intersection of financial services and technology, Principal builds financial tools that help our customers live better lives. We take pride in being a purpose-led firm, motivated by our mission to make financial security accessible to all. Our mission, integrity, and customer focus have made us a trusted leader for more than 140 years.
Who You Are
- Bachelor's degree (preference in a computer science, technology, engineering or math-related field) or equivalent experience
- 6+ years of information security engineering experience
- Cloud security experience
- Security tooling experience including SAST, SCA, CASB
- Experience providing application consulting related to security vulnerability remediation
- Proficiency in one or more of the following: Fortify, Bitbucket, Service-Now, Jira, Git-Hub, Archer (GRC Tool), SharePoint, Confluence, Java, .NET, Docker, Python, Go, NodeJs, Infrastructure as code
- Ability to lead design and implementation of security automation
- Good communication and organization skills, including the ability to collaborate with internal and external partners, customers, regulators, suppliers, and leadership
Skills That Will Help You Stand Out
- Experience working in the financial services and/or insurance industry preferred
- CISSP, CRISC certifications
- Familiarity with NIST 800-53 Framework
- Ability to make decisions in ambiguity
Salary Range Information
Salary ranges below reflect targeted base salaries. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation for all roles will be based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer.
Salary Range (Non-Exempt expressed as hourly; Exempt expressed as yearly)
$123000 - $167000 / year
Time Off Program
Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness. Employees don't accrue a bank of time off under FTO and there is no set number of days provided.
Pension Eligible
Yes
Additional Information
Work Environments
This role offers in-office, hybrid (blending at least three office days in a typical workweek), and remote work arrangements (only if residing more than 30 miles from Des Moines, IA, or Charlotte, NC). You'll work with your leader to figure out which option may align best based on several factors.
Work Authorization/Sponsorship
At this time, we're not considering applicants that need any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States. This includes, but IS NOT LIMITED TO: F1-OPT, F1-CPT, H-1B, TN, L-1, J-1, etc. For additional information around work authorization needs please use the following links.
Nonimmigrant Workers and Green Card for Employment-Based Immigrants
Investment Code of Ethics
For Principal Asset Management positions, you'll need to follow an Investment Code of Ethics related to personal and business conduct as well as personal trading activities for you and members of your household. These same requirements may also apply to other positions across the organization.
Experience Principal
At Principal, we value connecting on both a personal and professional level. Together, we're imagining a more purpose-led future for financial services - and that starts with you. Our success depends on the unique experiences, backgrounds, and talents of our employees. And we support our employees the same way we support our customers: with comprehensive, competitive benefit offerings crafted to protect their physical, financial, and social well-being. Check out our careers site to learn more about our purpose, values and benefits.
Principal is an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Posting Window
We will accept applications for 3 full days following the Original Posting Date, after which the posting may remain open or be removed based upon applications received. If we choose to post the job again, we will accept additional applications for at least 1 full day following the Most Recently Posted Date. Please submit applications in a timely manner as there is no guarantee the posting will be available beyond the applicable deadline.
Original Posting Date
7/10/2024
Most Recently Posted Date
10/16/2024