Search Our Career Opportunities

DevSecOps Engineer

Date: Jan 31, 2019

Location: Milwaukee, WI, 53202

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care.  We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.


We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


Role Summary:

The purpose of this role is to (1) Serve as a security engineer with a high level of autonomy to design and deliver enterprise-grade security solutions to create a secure AWS cloud-based posture using AWS, Gitlab-CI, Kubernetes, Docker, Windows, Centos, NodeJS, and Dotnet Core. (2) create an integrated partnership between risk management areas and project teams, (3) embed risk-driven culture and decision making within agile teams and (4) assure that NM is actively identifying and effectively responding to new and evolving risks encountered by the teams at agile speed and scale.


Essential Duties for Role:

  • Work in a “DevSecOps” oriented environment using automated testing, continuous integration, automated infrastructure and monitoring using Gitlab-CI CICD pipelines.
  • Build and implement automated solutions for identified security threats
  • Be willing and able to adapt to new security trends by learning and incorporating new technology into existing systems.
  • Educate team on risks that need to be addressed as part of product design.
  • Facilitate risk profile creation, gather information, and act as a central point of contact to assure that requirements have been implemented properly.
  • Ensure control effectiveness by monitoring risk profiles and implemented controls
  • Provide identify, provide feedback on and implement ways to improve on the risk policies and processes.
  • Identify and document changes to products, services, roles, and architecture in their area.
  • Maintain current asset inventory and product risk profile for products in their area. 
  • Document decisions during design and implementation of processes and controls.


Desired Skills and Experience:

  • Strong sense of ownership and an ability to work through ambiguity
  • Proficient in at least one programming language (Python/Javascript preferred)
  • Experience with Git, Gitlab, etc
  • Create a vision for security and create buy-in for a larger audience at multiple levels within the organization
  • Understand DevOps practices / culture and work cooperatively in a “DevOps” or “DevSecOps” environment.
  • Exhibits “Managerial Courage”, “Act Like an Owner” behaviors.
  • Familiar with OWASP top 10 and mitigation strategies.


Additional Skills a Plus:

  • Able to learn new languages and concepts related to: Kubernetes, Containerization, Docker, Ansible, Terraform
  • Existing Certifications or willingness to obtain AWS Certified Developer/Architect
  • Existing Certifications or willingness to obtain Risk Certifications a plus (CCSP, CSSLP, CRISC, CISSP, Security+)


Req ID: 24688
Position Type: Regular Full Time
Education Experience: Bachelor's Desired
Employment Experience: 3-5 years
FLSA Status: Exempt
Posting Date: 01/31/2019