At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.What's the role?As a Cybersecurity Engineer on the Threat Detection & Response team, your role will include responding to, investigating and containing anomalous or malicious activity that could indicate a security threat. You'll be responsible for staying up to date on the latest cybersecurity threats and assisting in the continual development and refinement related to monitoring, detecting and responding to abnormal network and host activity.Responsibilities:Triage, pivot and correlate across multiple network and host-based log sources.Analyze system artifacts and memory for evidence of compromise.Proactively hunt for and identify malicious activity in various log sources using threat intelligence and other indicators of compromise.Communicate and collaborate with all areas of the business including executive leadership to educate and inform throughout the incident response lifecycle.Continually improve incident response procedures and documentation.Engage with Detection Engineering and Red Team to find opportunities to better monitor/detect suspicious behavior and automate response capabilities.Keep up to date on evolving cyber threats and identify methods to detect them.Participate in an on-call rotation with other cybersecurity engineers.Desirable Skills:Experience with security tools including SIEM, EDR, AV, CASB, Next-gen Firewalls, and VPN.Experience with system and network artifacts.Working knowledge of the MITRE ATT framework.Familiarity with various cloud environments and containerization technologies (AWS, Azure, O365, Docker, Kubernetes).Functional and practical experience with at least one development or scripting language/framework (e.g. PowerShell, Python, .Net) and regular expressions.Minimum Qualifications:Bachelor's Degree in Information Security, Computer Science, or equivalent combination of education, training, and experience.Two or more years in an Incident Response or Security Operations Center (SOC) role.Background in information technology with an emphasis on network or systems administration.Hold or willingness to obtain certifications such as GCIH, GCFE, GCFA, GDAT, CISSP or other relevant security certifications.Our Benefits:Highly competitive compensation, including annual bonus opportunitiesMedical/Dental/Vision plans, matching 401(k), pension programTuition reimbursement, commuter plans, and paid time offExtensive Professional Training OpportunitiesExcellent Work/Life BalanceHackathons/Dedication to Innovation#LI-postThis job is not covered by the existing Collective Bargaining Agreement.Required Certifications:Grow your career with a best-in-class company that puts our client's interests at the center of all we do. Get started now!We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.