Application Security Engineer

Principal Financial Group Inc

Omaha, NE

Industry: Accounting, Finance & Insurance


8 - 10 years

Posted 48 days ago


U.S. Insurance Solutions (USIS) is building a security team! We have an immediate need for an Information Security Risk Engineer.

The engineer role will work with development teams and architects to design secure cloud and hybrid solutions. We are looking to hire an engineer who understands the balance between business impact, cost and risk when implementing security controls. The person should possess deep security technical knowledge and be able to mentor others in developing secure solutions. Participates in cybersecurity events related to a broad variety of information technology systems, networks, and digital evidence.

We would like this position to sit in our Des Moines, IA office.


  • Stay abreast of security best practices in the industry by continually increasing security knowledge, which includes legislative laws as they relate to security issues.
  • Design and develop security architectures for cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings and developing secure design patterns within Salesforce, Amazon Web Services (AWS), Google Cloud Platform (GCP) and the Microsoft Azure platforms with appropriate security controls present.
  • Assist teams to develop secure solutions when developing green field systems and/or working with new technology. The engineer should be able to assist in the development of security blueprints and patterns by applying best practice concepts to new areas of interest and opportunities in USIS.
  • Maintain expertise on the Secure Software Touchpoints and Knowledge Catalogs.
  • Touchpoint specific interactions may include:
      • Architecture Risk Analysis – Consult on technical or complex security concepts
      • Code Reviews – Participate in code reviews offering security related feedback
      • Risk Based Security Tests – Design test requirements and evaluate results with application owners
      • Abuse Cases – Explain common attacks and attacker’s viewpoint
      • Security Requirements – Consult on technical or complex security concepts
  • Mentor and coach team members to build their security acumen.
  • Analyze business impact and exposure based on emerging security threats, vulnerabilities, risks and help to adjust overall security strategy accordingly.
  • Represent security while engaging with other technical teams and leaders throughout organization in design and implementation of secure solutions.
  • Works with engineering, infrastructure services and application development organizations to choose appropriate technology solutions and facilitates complete integration into the company environments.
  • Leads initiatives designed to share knowledge across security and technology teams.
  • Research and maintain proficiency in tools, techniques, countermeasures, trends in vulnerabilities, and other security topics.


  • Associate's or Bachelor's degree in a science, technology, engineering, or math related field or equivalent work experience (6 years of experience equates to an Associate’s degree when defining “equivalent work experience”)
  • 8+ years of IT experience
  • 3+ years of relevant security consulting or industry experience

Additional preferred technical experience:

  • CISSP desired but not required.
  • Understanding of cybersecurity concepts and the ability to design and execute appropriate solutions.
  • Experience with the broad set of technologies that are incorporated into full stack security solutions including platforms, databases, web servers, applications, networks, etc.
  • Experience in identity federation and with multi-factor authentication technologies in a hybrid enterprise environment with SaaS, PaaS, IaaS and on-premises IT assets.
  • Experience with identity and access management (IAM), account provisioning, virtual directory, role-based and attribute-based access control, etc.
  • Experience in applying policies and procedures in designing security controls.
  • Strong familiarity with NIST CSF, NIST 800-53, OWASP Top 10, and OWASP ASVS.

Keys to success in this position:

USIS is looking for an engineer who is results oriented, multi-disciplined, and experienced in designing and reviewing security solutions for critical business applications. The successful candidate possesses the excellent interpersonal and communication skills required to partner with other teams across USIS to identify opportunities, understand threats, and develop and deliver solutions that support business strategies.