Principal Financial Group Information Security Engineer - #221812 in Des Moines, Iowa
Job Area: IT
Business Area: Individual Life
Location: IA - Des Moines
Career Category: Experienced Professional
Full/Part Time: Full-Time
Regular/Temporary: Regular
Date Posted: 2018-05-15
U.S. Insurance Solutions (USIS) is building a security team! Principal is looking for an Information Security Risk Engineer. This role offers an opportunity to join a security program protecting insurance customers.
The engineer understands the balance between business impact, cost and risk when implementing security controls. Recognized for broad and deep security technical knowledge. Routinely mentors others in developing secure solutions. Will review and evaluate cybersecurity information to determine its relevance to the Business Unit and respond accordingly. Participates in cybersecurity events related to a broad variety of information technology systems, networks, and digital evidence.
Responsibilities:
Stay abreast of security best practices in the industry by continually increasing security knowledge, which includes laws as they relate to security issues.
Design and develop security architectures for cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings of Salesforce, Amazon Web Services (AWS), Google Cloud Platform (GCP) and the Microsoft Azure platforms, and of developing secure design patterns within them with appropriate security controls present.
Assist teams to develop secure solutions when developing green field systems and/or working with new technology. The engineer should be able to assist in the development of security blueprints and patterns by applying best practice concepts to new areas of interest and opportunities in USIS.
Maintain expertise on the Secure Software Touchpoints and Knowledge Catalogs.
Touchpoint specific interactions may include:
Architecture Risk Analysis (ARAR) – Consult on technical or complex security concepts
Application Vulnerability Testing (AVA) – Explain vulnerabilities / mitigation techniques
Static Code Analysis (SCA) – Explain vulnerabilities / mitigation techniques
Code Reviews – Participate in code reviews offering security related feedback
Risk Based Security Tests – Explain common attacks and attacker’s viewpoint
Abuse Cases – Consult on technical or complex security concepts; explain common attacks and attacker’s viewpoint
Security Requirements – Consult on technical or complex security concepts
Security Operations – Participate in dialogs to gain the operations security perspective and provide the application security perspective
Mentor and coach team members to build their security acumen.
Analyze business impact and exposure based on emerging security threats, vulnerabilities, risks and help to adjust overall security strategy accordingly.
Represent security while engaging with other technical teams and leaders throughout organization in design and implementation of secure solutions.
Works with engineering, infrastructure services and application development organizations to choose appropriate technology solutions and facilitates complete integration into the company environments.
Leads initiatives designed to share knowledge across security and technology teams.
Research and maintain proficiency in tools, techniques, countermeasures, trends in vulnerabilities, and other security topics.
Associate's or Bachelor's degree in a science, technology, engineering, or math related field or equivalent work experience (6 years of experience equates to an Associate’s degree when defining “equivalent work experience”)
8+ years of IT experience
3+ years of relevant security consulting or industry experience
Additional preferred technical experience:
CISSP desired but not required
Understanding of cyber security concepts and the ability to design and execute appropriate solutions
Experience with the broad set of technologies that are incorporated into full stack security solutions including platforms, databases, web servers, applications, networks, etc.
Experience in identity federation and with multi-factor authentication technologies in a hybrid enterprise environment with SaaS, PaaS, IaaS and on-premises IT assets
Experience with identity and access management (IAM), account provisioning, virtual directory, role-based and attribute-based access control etc.
Experience in applying policies and procedures in designing security controls
Strong familiarity with NIST CSF, NIST 800-53, OWASP Top 10, and OWASP ASVS
Keys to success in this position:
USIS is looking for an engineer who is results oriented, multi-disciplined, and experienced in designing and reviewing security solutions for critical business applications. The successful candidate possesses the excellent interpersonal and communication skills required to partner with other teams across USIS to identify opportunities, understand threats, develop and deliver solutions that support business strategies.
Learn more about our company!
As a member of Principal’s global IT community, you are part of a high-performing culture that promotes employee empowerment, innovation, collaboration, and career development while fostering flexibility between professional and personal responsibilities. The work you do while partnering closely with the business puts our customers’ needs first by shaping the financial security of millions of lives across the globe!
Principal was #18 on Computerworld’s list of 100 Best Places to Work in IT 2017 making it 16 years in a row on the list!
This position is not eligible for sponsorship for work authorization by Principal. Therefore, if you will require sponsorship for work authorization now or in the future, we cannot consider your application at this time.
Willing to consider applicants at multiple job levels.
Principal is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, gender identity, gender expression, pregnancy, national origin, citizenship status, disability, genetic characteristics, sexual orientation, marital status, domestic partner status, military status, protected veteran status, disability status or any other characteristic protected by law.
What’s next? Innovation at its finest. We’ll review your application and if you’re selected for an interview, you’ll receive an invite for an On-Demand Video interview. Haven’t done that before? Don’t worry. We’ve got all the tips and tricks available to help you be successful. With an On-Demand Video Interview, you can add your own flair and personality – at your pace. Be sure to check your email frequently. We’ll communicate our decisions through the email address used on your online profile. If you receive an email from Principal Talent Team, you’ve been selected to begin your video interview and have a set time to submit once you log in.