At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
Remote role available.
What's the role?
As a Senior DevSecOps Engineer, your job is to partner with our engineers and business organizations to assist them with secure software development life cycle (SSDLC). This includes helping navigate through the multifaceted risk and cyber security assessment processes, prioritization and establishment of plans to address findings, generating threat models, mitigating security vulnerabilities, hands-on mentoring and treatment of risks in different stages of the development lifecycle. If also includes creating automation to improve the process, streamline pipeline changes and improve overall developer happiness.
Your role will be that of an embedded team member focused on Managed Investments, Banking, Treasury and Money Movement application portfolio. You will be part of the Risk Engineering Guild, a team that works to improve our SSDLC and shares improvement ideas and works together to keep our policyholders data safe. They will help you learn and navigate the processes and tools that Northwestern Mutual uses as well as support you in your career growth!
Your mission is to enable developer productivity in support of business objectives by: • Assisting development teams to apply secure automation patterns and encourage Secure Software Development Lifecycle (SSDLC) best practices • Creating patterns of automation for CI/CD, infrastructure deployment, maintenance, monitoring, security and compliance using industry and enterprise best practices. • Continuously improve and secure our application patterns and workflow by collecting and responding to feedback and key risk / vulnerability metrics.
• Find ways to help our developers achieve authorization to operate as part of our security engineering assessments
• Remediate security findings and find ways to prevent them from happening again
• Address vulnerabilities found by our security tools
• Proactively learn emerging platforms and related technology and security best practices • Solve complex technical issues and enable/teach peers to be self sufficient • Provide thought leadership throughout the local work division
Bachelor's Degree or equivalent experience
4-5 years • 4 years of professional IT experience • 4 years experience with at least one OS/hosting platform (i.e. Linux, Windows, AWS, Kube) • 2 years experience with integration of n-tier applications (i.e. DNS, HTTP, SSL, Encryption, Authentication) • 2 years experience with CI/CD concepts and tools (i.e. GitLab, testing concepts, change management, blue/green, infrastructure as code) • 2 years experience with infrastructure automation tools or coding/scripting (i.e. ansible, terraform, python, JavaScript, PowerShell) • Creative problem solving skills
#LI-POST
This job is not covered by the existing Collective Bargaining Agreement.
Required Certifications:
Grow your career with a best-in-class company that puts our client's interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.