Principal Financial Group
Info Security Engineer III
Principal Financial Group, Des Moines, Iowa, United States, 50319
What You'll Do:
We are looking for an Information Security Engineer III to support the Application Security Team products across Principal Financial Group. The engineer will work with development teams, enterprise SDLC teams and architects to design secure cloud and hybrid preventative software security controls. This includes solutions such as automation of scanning and monitoring tools, as well as understanding the balance between business impact, cost and risk when implementing security controls. This role will also mentor others in developing secure solutions!

- Develop secure solutions working with new technology and assist in the development of security blueprints and patterns by applying best practice concepts.
- Represent security while engaging with other technical teams and leaders throughout the organization in design and implementation of secure solutions.
- Lead initiatives designed to share knowledge across security and technology teams.
- Research and maintain proficiency in tools, techniques, countermeasures, trends in vulnerabilities, and other security topics.

Consult on Building Security In:
- Preventative Pipeline Controls: Design and implementation of security gates for application security.
- Code Standards Reviews: Participate in code reviews offering security-related feedback.
- Risk Based Security Tests: Design test requirements and evaluate results with application owners.
- Abuse Cases: Explain common attacks and the attacker's viewpoint.

Operating at the intersection of financial services and technology, Principal builds financial tools that help our customers live better lives. We take pride in being a purpose-led firm, motivated by our mission to make financial security accessible to all. Our mission, integrity, and customer focus have made us a trusted leader for more than 140 years.

As Principal continues to modernize its systems, this role will offer you an exciting opportunity to build solutions that will directly impact our long-term strategy and tech stack, all while ensuring that our products are robust, scalable, and secure!

Who You Are:
- Associate's or bachelor's degree (preference in a computer science, technology, engineering or math-related field) or equivalent and 3+ years work experience.
- Cloud experience preferred.
- Basic knowledge of insurance and financial services products preferred.
- Proficiency with database applications, knowledge of mainframe, distributed and/or web programming language.
- Basic leadership and presentation skills required.
- Excellent time management skills preferred.
- Must be able to maintain a high degree of accuracy and confidentiality.
- Must have the desire and ability to learn new technology and continuously grow.
- Ability to work on cross-functional teams and collaborate with both IT and non-IT partners.
- Some travel may be required, including overnight stays.
- May be required to provide on-call support.
- Excellent interpersonal and communication skills required to partner with other teams across Benefits and Protection to find opportunities, understand threats, develop and deliver solutions that support business strategies.

Skills That Will Help You Stand Out
- CISSP Certification.
- Understanding of cyber security concepts and the ability to design and implement appropriate solutions.
- Experience with the broad set of technologies that are incorporated into full stack security solutions including platforms, databases, web servers, applications, networks, etc.
- Hands-on experience with Python or other scripting tools as well as AWS.
- Experience in identity federation and with multi-factor authentication technologies in a hybrid enterprise environment with SaaS, PaaS, IaaS and on-premises IT assets.
- Experience with identity and access management (IAM), account provisioning, virtual directory, role-based and attribute-based access control, etc.
- Experience in applying policies and procedures in crafting security controls.
- Strong familiarity with NIST CSF, NIST 800-53, OWASP Top 10, and OWASP ASVS.
Salary Range Information: Salary ranges below reflect targeted base salaries. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation for all roles will be based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer.
Salary Range: $95200 - $182400 / year
Time Off Program: Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness. Employees don't accrue a bank of time off under FTO and there is no set number of days provided.
Pension Eligible: Yes
Additional Information:

Our Engineering Culture
Through our product-driven Agile/Lean DevOps environment, we've fostered a culture of innovation and experimentation across our development teams. As a customer-focused organization, we work closely with our end users and product owners to understand and rapidly respond to emerging business needs.
Collaboration is embedded into everything we do, from the products we develop to the quality service we provide. We're driven by the belief that diversity of thought, background, and perspective is critical to creating the best products and experiences for our customers.

Work Environments
This role offers in-office, hybrid (blending at least three office days in a typical workweek), and remote work arrangements (only if residing more than 30 miles from Des Moines, IA, or Charlotte, NC). You'll work with your leader to figure out which option may align best based on several factors.

Work Authorization/Sponsorship
At this time, we're not considering applicants that need any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States. This includes, but IS NOT LIMITED TO: F1-OPT, F1-CPT, H-1B, TN, L-1, J-1, etc. For additional information around work authorization needs please use the following links: Nonimmigrant Workers and Green Card for Employment-Based Immigrants.

Investment Code of Ethics
For Principal Asset Management positions, you'll need to follow an Investment Code of Ethics related to personal and business conduct as well as personal trading activities for you and members of your household. These same requirements may also apply to other positions across the organization.

Experience Principal
At Principal, we value connecting on both a personal and professional level. Together, we're imagining a more purpose-led future for financial services and that starts with you. Our success depends on the unique experiences, backgrounds, and talents of our employees. And we support our employees the same way we support our customers: with comprehensive, competitive benefit offerings crafted to protect their physical, financial, and social well-being. Check out our careers site to learn more about our purpose, values and benefits.

Principal is an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Posting Window: We will accept applications for 3 full days following the Original Posting Date, after which the posting may remain open or be removed based upon applications received. If we choose to post the job again, we will accept additional applications for at least 1 full day following the Most Recently Posted Date. Please submit applications in a timely manner as there is no guarantee the posting will be available beyond the applicable deadline.
Date First Posted (TTF): 9/3/2024
Latest Post Date: Careers - US: 9/3/2024