Job Description
Job Description
Description
We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance. The Liberty Mutual Global Cybersecurity (GCS) BISO organization is seeking a Cybersecurity Solutions Engineer focused on proactively identifying, consulting and managing cybersecurity risks aligned to support our Global Digital Services (GDS) organization. As a modern infrastructure and operations organization, GDS leads and enables Liberty's technology direction, supporting business needs to operate remotely and collaborate globally. They are responsible for core enterprise infrastructure systems and emphasize process efficiency, automation, resiliency and platform standardization at global scale.
As a Cybersecurity Solutions Engineer team member within our Business Information Security Office (BISO), your role acts as a bi-directional partner to GDS creating alignment between GDS objectives and the enterprise cybersecurity strategy. The Cybersecurity Solution Engineer ensures business decisions adhere to corporate cybersecurity policies, standards and are implemented with security top of mind, while being mindful to the practicalities of speed, agility, and business results. Based on GDS strategic security needs, the Cybersecurity Solution Engineer will be a key partner in the creation of solutions to remediate or mitigate cybersecurity risks.
For this role we are seeking a Cybersecurity Solution Engineer to focus upon driving our application security program within GDS. You will partner with delivery teams to embed security into the software development lifecycle (SSDLC), work closely with engineering and product teams, and facilitate developer outreach and vulnerability management efforts. Help drive the secure usage of AI throughout the SDLC, as well as driving remediation efforts at scale. This role combines technical delivery (threat modeling, code review, secure architecture guidance) with program leadership (KPIs, Issues Management, executive reporting, security culture). Ensure secure by design principles are incorporated as part of GDS service delivery to Liberty Mutual.
Responsibilities - Provide technical consultation across a wide variety of technical cybersecurity domains such as Secure DevOps, Identity & Access Management, Threat & Vulnerability Management, Data Protection, Cloud Security, Network and Cloud environments
- Perform threat modeling, security design reviews, and technical remediation guidance for new and existing system interfacing with engineers, architects, product owners or leaders.
- Drive proactive identification of threats and vulnerabilities and coordinate remediation prioritization and implementation across stakeholders.
- Review source code and advise on vulnerabilities and validate risk ratings.
- Drive secure-by-design patterns across services and APIs, including secure protocol and API design, cryptography guidance, and key/certificate management best practices.
- Build, measure and report AppSec program maturity and effectiveness using KPIs/KRIs; maintain application security issue register and provide visibility on progress to senior leadership.
- Lead developer outreach within GDS by partnering with BISO peers to create practical guidance, training, and a security champions program to raise security awareness and adoption.
- Mentor engineering teams on secure development practices and act as an escalation point for complex application security issues.
- Support and coordinate between threat intelligence, cyber defense and offensive security teams for GDS applications and services.
- Stay current on evolving threats, regulatory requirements, and industry best practices, and incorporate them into application security program
- improvements.
Qualifications - Bachelor`s or Master`s degree in technical discipline or equivalent experience; technical Master`s degree preferred
- 10+ years of experience in cybersecurity, including a minimum of 3 years in an application security role.
- 5+ years designing and developing software (demonstrated ability to read, understand, and review source code).
- Proven experience building and scaling application security programs in enterprise environments and influencing outcomes across large, matrixed organizations.
- Strong understanding of threat modeling, vulnerability management, OWASP Top 10, and modern application security risks.
- Deep practical knowledge of secure software development practices, DevSecOps principles, and CI/CD tooling and infrastructure-as-code automation with familiarity with platforms such as GitHub Actions, Confluence, JIRA.
- Hands-on experience with static code analysis (SAST), dynamic application scanning (DAST), dependency/SCA tools, and managing false positives.
- Experience securing cloud-based platforms and applications; multi-cloud experience desired, AWS experience preferred
- Experience securing containerized/Kubernetes deployments and modern microservices architectures.
- Familiarity with penetration testing or ethical hacking techniques
- Prior experience developing, maintaining and reporting for application security KPIs/KRIs
- Strong stakeholder management, communication, and leadership skills - able to translate technical risk into business impact and influence senior leaders
- Industry cybersecurity and/or technology certifications are an expectation
- Negotiation skills; oral and written communication skills
- Ability to work CT or EST is required
About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role.
As a purpose-driven organization, Liberty Mutual is committed to fostering an environment where employees from all backgrounds can build long and meaningful careers. Through strong relationships, comprehensive benefits and continuous learning opportunities, we seek to create an environment where employees can succeed, both professionally and personally.
At Liberty Mutual, we believe progress happens when people feel secure. By providing protection for the unexpected and delivering it with care, we help people embrace today and confidently pursue tomorrow.
We are dedicated to fostering an inclusive environment where employees from all backgrounds can build long and meaningful careers. By actively seeking employee feedback and amplifying the voices of our seven Employee Resource Groups (ERGs), which are open to all, we create an environment where every individual can make a meaningful impact so we continue to meet the evolving needs of our customers.
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit:
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Fair Chance Notices - California
- Los Angeles Incorporated
- Los Angeles Unincorporated
- Philadelphia
- San Francisco
Job Tags
Work at office, Local area, Remote work, Shift work,