Application Security Tester

Northwestern Mutual?has been helping families and businesses achieve financial security for 160 years. Through a distinctive, whole-picture planning approach including both insurance and investments, we empower people to be financially confident. We combine the expertise of our financial professionals with a personalized digital experience and leading-edge technology to best serve our clients.

This position works with the Cyber Threat Management (CTM) Team to lead with the expansion of web and mobile application security testing capabilities and services in support of Northwestern Mutual’s Information Risk Management Program.

* This opening will focus on security assessments penetration tests of web and mobile applications, as well as overall network security. * Engagements will be executed using a variety of tools, techniques and procedures including manual penetration testing, static code scanning, dynamic application scans and/or infrastructure scans for systems developed and hosted by Northwestern Mutual.

- Bachelor’s degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field - 3-10 years of hands-on experience with web/mobile application and/or network penetration testing. - Strong understanding of web application design principles in the areas of coding, infrastructure, middleware, etc. - Firm understanding of applicable frameworks including “OWASP Top Ten” and NIST - Firm understanding of (or experience with) analyzing network security and traffic, the OSI Model, firewalls, routers, and switches - Demonstrated ability to lead, coach and mentor other staff members - Strong ability to independently identify and resolve critical and complex issues through effective problem solving skills - Strong ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners - Proven organizational savvy with demonstrated tact and diplomacy - Strong written and verbal communication skills with the ability to interpret and fully explain the programming impact of vulnerabilities as well as any recommended remediation **Other Preferred Skills:** - One or more certifications in penetration testing and/or ethical hacking (e.g., GWAPT, GWEB, OSCP, OSWE, GMOB, GAWN, CEH, etc.) - Experience with infrastructure/network penetration testing - Software development experience - Experience with the following security assessment suites: Burp Suite, IBM AppScan, HP Fortify, and QualysGuard - Experience with one or more scripting/programming languages such as Python, Ruby, PowerShell, Bash, Perl, etc.