Security Engineering Specialist
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
What's the role?
As a Security Engineering Specialist, you will partner with both the Business and Engineering organizations to assist them with information protection, cybersecurity, and privacy-related risks. This includes helping them navigate the various risk and cybersecurity assessment processes, prioritize and establish plans to address findings, generate threat models, mitigate security vulnerabilities, and participate in risk treatment conversations at various stages of the development lifecycle.
Under the direction of a Security Engineering Lead, your general landmarks will be the following:
- Within the first one (1) month, jump head-first into getting to know the business and engineering teams with the goal of understanding what their business priorities are, how they work and function as a team to best integrate security tasks and identify the applications / systems they handle and support.
- Within two (2) months, you will understand the highest risk applications in their space, status of the application's Authorization to Operate, when the last penetration testing assessment was completed, and have a comprehensive list of outstanding findings, security vulnerabilities and other risk management concerns.
- Within four (4) months, gain a foundational understanding of the various risk management processes, how to engage in them and what documentation is required to complete them. By now, you will have a plan for learning and development to be fully engaged in those processes and helping teams finish vital activities.
- Within six (6) months, obtain a high-level understanding of the entire space from an information protection and cybersecurity perspective and be a point person if the area has questions or concerns. Engage early in the process when new efforts (large development changes or vendor evaluations) are underway and participate in information protection and cybersecurity efforts through completion, working with a mentor or lead.
- Within twelve (12) months, demonstrate sustainability of assessments, findings, and vulnerabilities through various dashboards and metrics. Be familiar with control patterns and know how to use them to handle risks in a consistent and repeatable manner. Review additional application security learning needs, such as code reviews, application and infrastructure vulnerabilities, and securing CI/CD pipelines. Develop a plan to achieve desired risk and security certifications.
Our tech stack:
- Amazon Web Services (AWS) Cloud
- Microservice / Micro-architectures
- Experience with automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, PowerShell)
- Architecture Diagrams / Data Flow Diagrams / Threat Models
- Application Security - SAST, DAST, Continuous Delivery / Continuous Integration
- Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)
- Familiarity with NIST, OWASP, security maturity frameworks (e.g. OpenSAMM, BSIMM), secure software development lifecycle, cybersecurity regulations, GRC tools
Bring Your Best! What this role needs:
In this mid-level role, bring a strong appreciation for and skill in partnering with leaders as well as developers; the ability to understand and follow risk management processes, practices and documentation needs; the ability to balance risk issues with business priorities to drive mutually agreeable timelines for remediation; and a basic technical understanding of cloud, application security tools and application vulnerabilities. Desire and commitment to achieve risk and security certifications within the first two years of hire, which may include CRISC, CCSP, CISSP, CEH, or equivalent. 1-3 years of experience preferred.
Benefits:
- Whip-smart team that is very friendly and always willing to lend a hand
- Tons of room for career growth, learning and development
- Highly competitive salary
- Amazing Benefits
This job is not covered by the existing Collective Bargaining Agreement.
Required Certifications:
Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.