DevSecOps Engineer
Vacancy expired!
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference. What's the Role?We are looking for enthusiastic technologists who want to grow their career in DevSecOps - Application Security. In this position, you will work with multi-functional teams while leveraging a set of diverse technologies and an automation first approach to strive towards improving the efficiency and effectiveness of our DevSecOps program with a focus on Application Security.In this role, the candidate can expect to:
- Engineer solutions with a focus on automation to reduce manual/repetitive tasks
- Guide and advise application and engineering teams in the area of Application Security
- Operationally support DevSecOps capabilities integrated into our software development lifecycle including SAST, DAST, SCA, RASP, CSPM, and infrastructure vulnerability scanners
- Assist with technical support of DevSecOps capabilities and respond to service and escalation tickets within service-level agreements
- Actively monitor, assess and recommend tactical and pivotal initiatives based on new and emerging threats posing risk to our environments
- Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry standard methodologies
- Assist in remediation efforts after security assessment findings outline weaknesses requiring attention
- Passionate about security
- A standout colleague and enjoy collaborating with cross-functional teams
- A great communicator (written and verbal) with an ability to articulate complex topics in a clear and concise manner
- Employs a flexible and constructive approach when solving problems
- Continuously looking for opportunities to improve our processes and capabilities
- Proficient with development and scripting languages, Python preferred
- Knowledgeable of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS)
- Experience working with application and engineering teams
- Comfortable peer-reviewing code, educating on AppSec vulnerabilities (OWASP), and providing remediation guidance
- A self-directed individual contributor
- Bachelor's degree, Associate's degree or equivalent experience with an emphasis in Cybersecurity, Computer Science, Computer Engineering, Software Engineering, MIS or related field
- 1-3+ years' experience in application security or cybersecurity practitioner
- Knowledgeable about secure architecture, engineering and design principles
- Experience conducting security tests (static and dynamic code analysis, software composition analysis, or penetration tests)
- Knowledge of common application and cloud security tools, such as Burp, Zap, Checkmarx, InsightCloudSec (DivvyCloud), PrismaCloud, InsightAppsec, InsightCloudsec, Jfrog Xray
- Experience with CICD pipelines to automate application and infrastructure code deployments
- Experience with workload orchestration platforms such as Kubernetes
- Relevant certifications from GIAC, ISC(2) and other recognized cybersecurity industry organizations
- Collaborative team first environment
- Tons of room for career growth.
- We offer highly competitive compensation, including annual bonus opportunities
- Medical/Dental/Vision plans, 401(k), pension program
- We provide tuition reimbursement, commuter plans, and paid time off
- We provide extensive Professional Training Opportunities
- We offer an excellent Work/Life Balance
- Hackathons/Dedication to Innovation