Career Center

Summary:

Northwestern Mutual is looking for enthusiastic technologists who want to grow their career in DevSecOps - Application Security! In this position, you will work with multi-functional teams while demonstrating a set of diverse technologies and an automation first approach to strive towards improving the efficiency and effectiveness of our DevSecOps program with a focus on Application Security!

Responsibilities:

• Engineer solutions with a focus on automation to reduce manual and repetitive tasks

• Guide and advise application and engineering teams in the area of Application Security

• Lead day-to-day support of DevSecOps capabilities integrated into our software development lifecycle including SAST, DAST, SCA, RASP, CSPM, and infrastructure vulnerability scanners

• Lead technical support of DevSecOps capabilities and respond to service and critical issue tickets within service-level agreements

• Design, implement, and maintain procedures, processes, and methodologies that support DevSecOps capabilities

• Actively monitor, assess and recommend tactical and critical initiatives based on new and emerging threats posing risk to our company

• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry standard methodologies

• Handle remediation efforts after security assessment findings outline weaknesses requiring attention

• Mentor other staff members to ensure consistency, quality and efficiency of deliverables

The ideal candidate is:

• Passionate about security

• A great teammate and enjoy collaborating with cross-functional teams

• A great communicator (written and verbal) with an ability to articulate complex topics in a clear and concise manner

• Employs a flexible and constructive approach when solving problems

• Experience conducting security testing using automated and/or manual tools and techniques (static and dynamic code analysis, software composition analysis, or manual penetration tests)

• Proficient with development and scripting languages, JavaScript (Node.JS/React), Java, and Python preferred

• Proficient with network and web related protocols (such as, TCP/IP, SSL/TLS, HTTP, WebSockets)

• Proficient and experience with common security libraries, security controls, and common security flaws

• Continuously looking for opportunities to improve our processes and capabilities

• Experienced working with application and engineering teams

• Comfortable peer-reviewing code, educating on application vulnerabilities (OWASP), and providing remediation guidance

• Self-directed individual contributor

Experience:

• Bachelor's or equivalent experience with an emphasis in computer science, computer engineering, software engineering, MIS related field

• 2-5+ years' experience in development, infrastructure, or cybersecurity

• Familiarity with cloud security controls and standard methodologies

• Understanding of applicable risk management frameworks from NIST, Cloud Security Alliance, and OWASP

• Knowledge of enterprise application and cloud security testing tools, such as Burp, Checkmarx, InsightAppsec, PrismaCloud, InsightAppsec, InsightCloudsec, Jfrog Xray

• Experience with CICD pipelines to automate application and infrastructure code deployments

• Experience with workload orchestration platforms such as Kubernetes

• Understanding of a wide-range of cybersecurity capabilities including security engineering, identify & access management, incident response, logging & monitoring, penetration testing, and vulnerability management

• Relevant certifications from GIAC, ISC(2) and other recognized cybersecurity industry organizations

#LI-Post

W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.

We're excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.