Role Value Proposition:
The Principal Security Engineer is responsible for executing the enterprise-wide strategy to identify, develop, and implement technical security solutions to enhance MetLife’s control environment. This hands-on position requires a subject matter expert (SME) with strong collaboration skills to work with cross-functional and global teams to ensure the design of technology solutions complies with MetLife’s information security policies and regulatory obligations.
- The Principal Security Engineer must have the ability to identify, document, and recommend security safeguards and configurations in a highly complex environment, with a demonstrated ability to recognize and appropriately incorporate layered security safeguards within the network, application, and data layers from both an offensive and a defensive perspective.
- The Principal Security Engineer must be an adaptable, pragmatic, and positive professional, who is comfortable in delivering clear and concise information at both a technical and managerial level.
- Assess technological business initiatives to identify the threat landscape and security requirements, create technical documentation and solution overviews, and provide guidance on risk mitigation strategies for identified threats and vulnerabilities. Work effectively with other Information Security teams and outsourcing providers to ensure technology security solutions are in alignment with organizational strategic requirements.
- Create and publish security technology white papers or position papers and create security configuration checklists (e.g., hardening or lockdown guides) for technology platforms and solutions (e.g., operating systems, databases, firewalls, etc.).
- Operate as a security ambassador to the larger organization by keeping the management team and relevant peers informed of the latest security trends and threats, driving the security technology pipeline and strategy for the team, and presenting internally and externally on security technologies and solutions.
- Provide security consulting services internally to the engineering organization by giving guidance and functioning as an information security SME.
- Act in a mentoring or coaching capacity for team members and further technical skills through certifications and continual self-learning.
Essential Business Experience and Technical Skills:
- 10+ years of experience in one or more of the following information security domains: identity and access management, cryptography, data loss prevention (DLP), cloud, enterprise mobile security, endpoint security, incident response, network and perimeter security, or web and mobile application security.
- 10+ years IT Security Engineering, Architecture, or Operations experience working in an enterprise infrastructure environment.
- 5+ years of experience in security solution engineering or security architecture.
- Must possess working knowledge of various industry security standards and frameworks including: PCI DSS, ISO 27001, ISF Standard of Good Practice (SoGP), NIST Special Publications, etc.
- Teamwork and communication skills, both written and verbal.
- Bachelor’s degree in Computer Science, Information Systems, or related field; 15+ years of equivalent work experience in lieu of a BA/BS degree is acceptable.
- Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
- Experience implementing and assessing risks using Threat Modeling frameworks such as STRIDE, DREAD, or Cyber Kill Chain.
- Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, CEH, or other relevant industry certification strongly preferred.
Requisition #: 41963