Search Our Career Opportunities

DevSecOps Security Engineer

Date: Jan 10, 2019

Location: Milwaukee, WI, 53202

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care.  We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.

 

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

 

Purpose:

The purpose of this role is to (1) Serve as a security engineer with a high level of autonomy to design and deliver enterprise-grade security solutions to create a secure AWS cloud-based posture in DevSecOps architectures using Gitlab-CI, Kubernetes, Docker, etc. (2) create an integrated partnership between risk management areas and project teams, (3) embed risk-driven culture and decision making within agile teams and (4) assure that NM is actively identifying and effectively responding to new and evolving risks encountered by the teams at agile speed and scale.

 

Role Summary:

The DevSecOps Security Engineer role is designed to be a highly autonomous development role as well as a liaison with the various risk partners at Northwestern Mutual. In addition to performing their standard duties, this role ensures the business is aware of risk encountered by their area, the impact it has on their area or the organization and is responsible for driving or implementing the necessary work to appropriately address the risk (avoidance, acceptance, remediation, mitigation). Overall this role is entrusted to drive risk-aware design.

 

Essential Duties for Role:

  • Work in a “DevSecOps” oriented environment including automated testing, continuous integration, automated infrastructure and monitoring, in a “GitOps” methodology.
  • Be able to develop and implement technology driven solutions for identified security threats to “automate all the things” related to security.
  • Be willing and able to adapt to new security trends by learning and incorporating cutting-edge technology into existing systems.
  • Act as liaison for all risk partners to assure compliance with company standards.
  • Coordinate activities between product team(s) and risk and security partners.
  • Educate team on risks that need to be addressed as part of product design.
  • Work closely with risk partners to implement appropriate processes and controls to align with documented policies.
  • Document decisions during design and implementation of processes and controls.
  • Facilitate risk profile creation, gather information, and act as a central point of contact to assure that requirements have been implemented properly.
  • Manage findings for product team(s) in their area, according to the findings workflow process
  • Facilitate risk escalations.
  • Review and monitor risk profiles and implemented controls after Production deployment to assure control effectiveness.
  • Work with ASRC mentor to facilitate the “Authorization to Operate” annual recertification process.
  • Participate in education opportunities such as monthly alignment sessions, self-education, etc.
  • Provide feedback on the risk policies and processes.
  • Identify and document changes to products, services, roles, and architecture in their area.
  • Maintain current asset inventory and product risk profile for products in their area. 

     

Desired Skills and Experience:

  • Knowledge of the following – Gitlab-CI, Bash, Python, JavaScript, PowerShell, Ansible, Terraform, Kubernetes, Containerization, Docker.
  • Ability to learn new languages or certifications within a specified period.
  • Create a vision for security and enable buy-in for a larger audience at multiple levels within the organization.
  • Understand DevOps practices / culture and work cooperatively in a “DevOps” or “DevSecOps” environment.
  • Subject matter expert in their area of business
  • Exhibits “Managerial Courage”, “Act Like an Owner” behaviors.
  • Passion to assure risk decisions are disciplined and transparent
  • Acts with integrity and trustworthiness
  • Ability to learn in a specified period.
  • Effective verbal and written communication skills
  • Knowledge of Risk Management Frameworks utilized at Northwestern Mutual
  • Experience working in Archer
  • AWS Certified Developer/Architect – Associate/Professional, CCSP, CEH, CISSP, CRISC, other Risk Management certifications)
  • Risk Certifications a plus (CCSP, CSSLP, CRISC, CISSP, Security+)
  • Familiar with OWASP top 10 and mitigation strategies.

 

Req ID: 24560
Position Type: Regular Full Time
Education Experience: Bachelor's Required
Employment Experience: 3-5 years
Licenses/Certifications:
FLSA Status: Exempt
Posting Date: 01/10/2019