DevSecOps Engineer - Application Security

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

Summary:

Northwestern Mutual is looking for enthusiastic technologists who want to grow their career in DevSecOps – Application Security! In this position, you will work with multi-functional teams while demonstrating a set of diverse technologies and an automation first approach to strive towards improving the efficiency and effectiveness of our DevSecOps program with a focus on Application Security!

Responsibilities:

• Engineer solutions with a focus on automation to reduce manual/repetitive tasks

• Guide and advise application and engineering teams in the area of Application Security

• Operationally support DevSecOps capabilities integrated into our software development lifecycle including SAST, DAST, SCA, RASP, CSPM, and infrastructure vulnerability scanners

• Assist with technical support of DevSecOps capabilities and respond to service and critical issue tickets within service-level agreements

• Actively monitor, assess and recommend tactical and critical initiatives based on new and emerging threats posing risk to our environments

• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry standard methodologies

• Assist in remediation efforts after security assessment findings outline weaknesses requiring attention

The ideal candidate is:

• Passionate about security

• A standout colleague and enjoy collaborating with multi-functional teams

• A phenomenal communicator (written and verbal) with an ability to articulate complex topics in a clear and concise manner

• Employs a flexible and constructive approach when solving problems

• Continuously looking for opportunities to improve our processes and capabilities

• Proficient with development and scripting languages, Python and JavaScript preferred

• Knowledgeable of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS)

• Experience working with application and engineering teams

• Comfortable peer-reviewing code, educating on appsec vulnerabilities (OWASP), and providing remediation guidance

• A self-directed individual contributor

Experience:

• Bachelor’s degree, Associate's degree or equivalent experience with an emphasis in Cybersecurity, Computer Science, Computer Engineering, Software Engineering, MIS or related field

• 1-3+ years' experience in application security or cybersecurity practitioner

• Knowledgeable about secure architecture, engineering and design principles

• Experience conducting security tests (static and dynamic code analysis, software composition analysis, or penetration tests)

• Knowledge of common application and cloud security tools, such as Burp, Zap, Checkmarx, InsightAppsec, PrismaCloud, InsightAppsec, InsightCloudsec, Jfrog Xray

• Experience with CICD pipelines to automate application and infrastructure code deployments

• Experience with workload orchestration platforms such as Kubernetes

• Relevant certifications from GIAC, ISC(2) and other recognized cybersecurity industry organizations

#LI-Post

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!

W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.