Principal Cyber security Engineer


Date: Jun 29, 2022

Location: New York, NY, US

Company: New York Life Insurance Co



When you join New York Life, you’re joining a company that values career development, collaboration, innovation, and inclusiveness. We want employees to feel proud about being part of a company that is committed to doing the right thing. You’ll have the opportunity to grow your career while developing personally and professionally through various resources and programs. New York Life is a relationship-based company and appreciates how both virtual and in-person interactions support our culture.



The position is a Hybrid based role (on-site Tues, Wed, Thurs)

NYL is looking for an experienced IT Security professional to fill a role as a Principal Cyber security Engineer.  This role requires a strong technical understanding of all security domains to help secure a large-scale IT environment (including Cloud) focusing on maturing the ability to protect assets and applications with applying controls around the four pillars of prevent, detect, respond and remediate.  Excellent communication and inter-personal skills are a must in this role as the chosen candidate would be a key liaison between multiple stakeholders ranging from Technical staff, Risk management, and application/business owners. 


Some of the key responsibilities are:

  • Design and build enterprise-class security solutions in alignment with organization strategy and in partnership with Security Domain Leads, Enterprise Architects, IT Managers and Developers
  • Design security architecture elements to mitigate threats as they emerge. Act as visionary to proactively assist in setting direction for future security strategies
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Participate in planning and strategy of cybersecurity capabilities, own solution roadmap, solution delivery and budget
  • Manage and execute cybersecurity solutions (including Cloud security) across lifecycle strategy, design, implementation
  • Serve as subject-matter expertise on designing and implementing secure cloud solutions and products
  • Provide supervision and guidance to a security team, including answering technical and procedural questions for less experienced team members, teaching improved processes, and mentoring team members.
  • Identify and deliver appropriate controls based on industry standards (e.g., CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threat
  • Determining security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture and platforms, and identifying integration issues.
  • Partner with Technical teams (Architect, Engineers) to assist in creating solutions that balance business requirements with information and cybersecurity requirements in alignment with company’s standards and risk appetite
  • Planning of security systems by evaluating network and security technologies, developing technical security standards and requirements for security devices such as routers, firewalls, and related security and network devices.
  • Designing public/private key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software adhering to industry standards.
  • Integrating systems with security operations, responding to security incidents, and providing thorough post-event analyses



  • 8+ years of experience in Cybersecurity
  • 4+ years of experience in architecting security solutions
  • Degree in Information Technology, Computer Science, Engineering, or related field is highly desirable, but not required. Advanced security certifications such as CISSP (Certified Information Systems Security Professional) , CCSP – Certified Cloud Security Professional, Security Architecture (SABSA) are highly desired
  • Understanding of industry framework (e.g., NIST, CIS) and standards for cybersecurity (e.g., OAuth)
  • Knowledge and understanding of key differences between most popular cloud provider solutions and cloud orchestration tools (e.g. Azure, AWS, GCP, Pivotal Cloud Foundry, BOSH, Kubernetes, Docker, etc.)
  • Strong security experience in the area of (but not limited to) data protection, cloud security, firewalls, intrusion detection, and prevention systems (IDS/IPS), web and application security, network access controls, Access Management and network segmentation.
  • Strong domain expertise in cloud infrastructure compute, network and storage as well as the cloud control plane
  • Knowledge of virtualization, containers, service-mesh and enterprise service business
  • Experience with structured Enterprise Architecture practices, hybrid cloud deployments, and onpremise-to-cloud migration deployments
  • Ability to identify and drive remediation of public and hybrid cloud risks
  • Experience in designing, implementing and delivering security for cloud native, distributed computing and architectural solutions with a principle of “Secure by Design”
  • Good working knowledge of current IT risks and experience implementing security solutions
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Excellent written and verbal communication skills




Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. We invite you to bring your talents to New York Life, so we can continue to help families and businesses “Be Good At Life.” To learn more, please visit LinkedIn, our Newsroom and the Careers page of

Job Requisition ID: 86303




Nearest Major Market: Manhattan
Nearest Secondary Market: New York City

Job Segment: Cyber Security, Cloud, Manufacturing Engineer, Information Technology, IT Architecture, Security, Technology, Engineering