Northwestern Mutual Investment Services, LLC
Product Security Engineer
Northwestern Mutual Investment Services, LLC, Denver, Colorado, United States,
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
Northwestern Mutual is looking for enthusiastic technologists who want to grow their career in product security. In this position, you will work with cross-functional teams while leveraging a set of diverse technologies and an automation first approach resulting in the deployment, testing, and documentation of secure patterns to ensure our NM engineering practices are Secure by Default.This role requires a DevOps mindset with experience in Python, SQL/DBs (Postgress\MySQL\etc), AWS, Configuration as Code and an exceptional level of enthusiasm for technology and engineering. Must have a proven track record of self-motivated accomplishment. This is an exciting opportunity to build upon technical experience with a strong security mindset.Primary Duties & Responsibilities:Engineer solutions with a focus on automation to reduce manual/repetitive tasks in alignment with NM's Target State Architecture and predominant PlatformsGuide and advise application and engineering teams in product securityManage technical support of product security capabilitiesDesign, implement, and maintain procedures, processes, and methodologies that support product security capabilitiesActively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats posing risk to our companyIdentify requirements for existing and newly proposed processes and engineer automation-solutions that reduce or eliminate repetitive or manual workStay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practicesManage remediation efforts after security assessment findings outline weaknesses requiring attentionMentor other staff members to ensure consistency, quality, and productivity of deliverablesParticipate in a multi-org group identifying, deploying, testing, and documenting opinionated ways to achieve our Security Standards in secure application / infrastructure patternsAssist with technical support of defined secure application / infrastructure patternsPartner with other teams on emerging best practices, patterns, and technologyProactively learn emerging platforms and related technologyQualifications:Bachelor's or equivalent experience with an emphasis in Cybersecurity, Computer science, Computer engineering, Software engineering, Cloud Engineering, MIS related field5+ years' experience in development, infrastructure, and/or cybersecurityExperience with CICD pipelines to automate application and infrastructure code deploymentsExperience with workload orchestration platforms such as KubernetesExperience with Infrastructure as code concepts and tooling including Terraform or CloudFormation.One or more advanced security certifications (e.g., CISSP, CCSP, GIAC, ISC[2] and other recognized cybersecurity industry organizations)Understanding of applicable risk management frameworks such as NIST, Cloud Security Alliance, and OWASPKnowledgeable about secure architecture, engineering, and design principlesCompetency with one or more scripting/programming languages such as Python, JavaScript, Java, Ruby, Go, PowerShell, Bash, C#, C/C++, etcStrong written and verbal communication skills with proven interpersonal savvy with demonstrated tact and diplomacyPreferred Qualifications:Experience with Amazon Web Services (AWS) and/or Microsoft Azure, preferably within an Agile/DevOps operating modelExperience with SAST, DAST, RASP and/or SCA toolsUnderstanding of a wide range of cybersecurity capabilities including application security, security engineering, identity & access management, incident response, logging & monitoring, cloud and penetration testingThe ideal candidate is:Passionate about security!A team player who enjoys collaborating with cross-functional teamsA great communicator (written and verbal) with an ability to articulate complex topics in a clear and concise mannerA problem solver that employs a flexible and constructive approachProficient with multiple development tools and is continuously looking for opportunities to improve processes and capabilities through automationA self-directed individual contributor who is experienced working with application and engineering teamsAn engineer who enables productivity in support of business objectivesFamiliar with traditional or cloud computing, including networking, compute, storage, app development, data, operations, or securityComfortable reviewing code and speaking openly to provide remediation guidanceA self-directed individual contributor with the ability to independently identify and resolve issuesSomeone who has a track record of acting with integrity, taking pride in work, seeking to excel, being curious, and is adaptableAble to maintain and strengthen relationships with the ability to effectively influence and negotiate with internal and external partnersAble to solve complex technical issues and enable/teach peers to be self-sufficient and provide thought leadership throughout the local work divisionCompensation Range:Pay Range - Start: $100,030.00Pay Range - End: $185,770.00Northwestern Mutual pays on a geographic-specific salary structure and placement in the salary range for this position will be determined by a number of factors including the skills, education, training, credentials and experience of the candidate; the scope, complexity as well as the cost of labor in the market; and other conditions of employment. At Northwestern Mutual, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. Please note that the salary range listed in the posting is the standard pay structure. Positions in certain locations (such as California) may provide an increase on the standard pay structure based on the location.We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.If you work or would be working in California, Colorado, New York City, Washington or outside of a Corporate location, please click
here
for information pertaining to compensation and benefits.Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!#J-18808-Ljbffr
Northwestern Mutual is looking for enthusiastic technologists who want to grow their career in product security. In this position, you will work with cross-functional teams while leveraging a set of diverse technologies and an automation first approach resulting in the deployment, testing, and documentation of secure patterns to ensure our NM engineering practices are Secure by Default.This role requires a DevOps mindset with experience in Python, SQL/DBs (Postgress\MySQL\etc), AWS, Configuration as Code and an exceptional level of enthusiasm for technology and engineering. Must have a proven track record of self-motivated accomplishment. This is an exciting opportunity to build upon technical experience with a strong security mindset.Primary Duties & Responsibilities:Engineer solutions with a focus on automation to reduce manual/repetitive tasks in alignment with NM's Target State Architecture and predominant PlatformsGuide and advise application and engineering teams in product securityManage technical support of product security capabilitiesDesign, implement, and maintain procedures, processes, and methodologies that support product security capabilitiesActively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats posing risk to our companyIdentify requirements for existing and newly proposed processes and engineer automation-solutions that reduce or eliminate repetitive or manual workStay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practicesManage remediation efforts after security assessment findings outline weaknesses requiring attentionMentor other staff members to ensure consistency, quality, and productivity of deliverablesParticipate in a multi-org group identifying, deploying, testing, and documenting opinionated ways to achieve our Security Standards in secure application / infrastructure patternsAssist with technical support of defined secure application / infrastructure patternsPartner with other teams on emerging best practices, patterns, and technologyProactively learn emerging platforms and related technologyQualifications:Bachelor's or equivalent experience with an emphasis in Cybersecurity, Computer science, Computer engineering, Software engineering, Cloud Engineering, MIS related field5+ years' experience in development, infrastructure, and/or cybersecurityExperience with CICD pipelines to automate application and infrastructure code deploymentsExperience with workload orchestration platforms such as KubernetesExperience with Infrastructure as code concepts and tooling including Terraform or CloudFormation.One or more advanced security certifications (e.g., CISSP, CCSP, GIAC, ISC[2] and other recognized cybersecurity industry organizations)Understanding of applicable risk management frameworks such as NIST, Cloud Security Alliance, and OWASPKnowledgeable about secure architecture, engineering, and design principlesCompetency with one or more scripting/programming languages such as Python, JavaScript, Java, Ruby, Go, PowerShell, Bash, C#, C/C++, etcStrong written and verbal communication skills with proven interpersonal savvy with demonstrated tact and diplomacyPreferred Qualifications:Experience with Amazon Web Services (AWS) and/or Microsoft Azure, preferably within an Agile/DevOps operating modelExperience with SAST, DAST, RASP and/or SCA toolsUnderstanding of a wide range of cybersecurity capabilities including application security, security engineering, identity & access management, incident response, logging & monitoring, cloud and penetration testingThe ideal candidate is:Passionate about security!A team player who enjoys collaborating with cross-functional teamsA great communicator (written and verbal) with an ability to articulate complex topics in a clear and concise mannerA problem solver that employs a flexible and constructive approachProficient with multiple development tools and is continuously looking for opportunities to improve processes and capabilities through automationA self-directed individual contributor who is experienced working with application and engineering teamsAn engineer who enables productivity in support of business objectivesFamiliar with traditional or cloud computing, including networking, compute, storage, app development, data, operations, or securityComfortable reviewing code and speaking openly to provide remediation guidanceA self-directed individual contributor with the ability to independently identify and resolve issuesSomeone who has a track record of acting with integrity, taking pride in work, seeking to excel, being curious, and is adaptableAble to maintain and strengthen relationships with the ability to effectively influence and negotiate with internal and external partnersAble to solve complex technical issues and enable/teach peers to be self-sufficient and provide thought leadership throughout the local work divisionCompensation Range:Pay Range - Start: $100,030.00Pay Range - End: $185,770.00Northwestern Mutual pays on a geographic-specific salary structure and placement in the salary range for this position will be determined by a number of factors including the skills, education, training, credentials and experience of the candidate; the scope, complexity as well as the cost of labor in the market; and other conditions of employment. At Northwestern Mutual, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. Please note that the salary range listed in the posting is the standard pay structure. Positions in certain locations (such as California) may provide an increase on the standard pay structure based on the location.We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.If you work or would be working in California, Colorado, New York City, Washington or outside of a Corporate location, please click
here
for information pertaining to compensation and benefits.Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!#J-18808-Ljbffr