Security Engineer

MetLife, Inc. (NYSE: MET), through its subsidiaries and affiliates (“MetLife”), is one of the largest life insurance companies in the world. Founded in 1868, MetLife is a global provider of life insurance, annuities, employee benefits and asset management. Serving approximately 100 million customers, MetLife has operations in nearly 50 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

The Security Engineer is responsible for executing the enterprise wide strategy to identify, develop, and implement technical security solutions to enhance MetLife’s control environment. This hands-on position requires a subject matter expert (SME) with strong collaboration skills to work with cross functional teams to ensure the design of technology solutions complies with MetLife’s information security policies, and regulatory obligations.

The Security Engineer must have the ability to identify, document, and recommend security safeguards and configurations in a highly complex environment with a demonstrated ability to recognize, and appropriately incorporate layered security safeguards within the network, application, and data layers from a defender’s perspective. * Identify, develop, and implement technical security solutions to enhance MetLife’s control environment. Work effectively with other Information Security teams and outsourcing providers to ensure technology security solutions are in alignment with organizational strategic requirements. Document and transition operational responsibilities to the Security Operations team. * Create and publish security configuration checklists (e.g., hardening or lockdown guides) for technology platforms and solutions (e.g., operating systems, databases, firewalls, etc.). * Provide security consulting services internally to the engineering organization by giving guidance and functioning as an information security SME.

The Security Engineer must be an adaptable, pragmatic, and positive professional, who is comfortable in delivering clear and concise information at both a technical and managerial level. **Required Experience** * 2+ years of experience in one or more of the following information security domains: access management, cryptography, data loss prevention (DLP), emerging technologies (i.e., cloud, mobile, etc.), endpoint security, incident response, malware analysis and protection, network and perimeter security, or web and mobile application security. * 2+ years IT Security Engineering experience working in an enterprise infrastructure or security architecture environment. * 2+ years of experience architecting and deploying Security Information and Event Management (SIEM) security solutions. * 1+ year(s) experience of various industry security standards and frameworks including: ISO 27001, ISF Standard of Good Practice (SoGP), NIST Special Publications, etc. **Preferred Experience** * Bachelor’s degree in Computer Science, Information Systems, or related field. 5+ years of equivalent work experience required in lieu of degree is acceptable. * Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses. * Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, CEH, or other relevant industry certification strongly preferred.