Software Engineer III
Human API
About the Business
LexisNexis Risk Solutions is the essential partner in the assessment of risk. Within our insurance vertical, we provide customers with solutions and decision tools that combine public and industry-specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. Our insurance risk solutions help drive better data-driven decisions across the insurance policy lifecycle – all while reducing risk. You can learn more about LexisNexis Risk at the link below. https://risk.lexisnexis.com/insurance
About our Team
You will be working with our development teams on securing Java Spring Boot microservice applications deployed to our AWS and Azure cloud platforms. Our team follows DevSecOps principles, integrating security throughout the software development lifecycle. We value collaboration, continuous learning, and building security capabilities that enable developers rather than block them.
You’ll work as part of a cross-functional organization including:
Development teams (backend Java microservices, frontend typescript, data engineering python)
SRE/Platform engineers managing AWS and Azure infrastructure
Product managers and business analysts defining requirements
Security peers across the broader LexisNexis Risk organization
External partners: InfoSec, compliance teams, and third-party security vendors
About the Role
As a Security Engineer, you will be the security champion for our cloud-native microservices platform. You will develop and maintain security controls, harden CI/CD pipelines, and work closely with development teams to build secure, resilient applications. The ideal candidate has deep understanding of system internals and common attack vectors, demonstrating practical knowledge of DevSecOps practices and cloud security on Azure and/or AWS platforms. You will be familiar with the Secure Software Development Life Cycle and have experience implementing security controls in modern microservices architectures.
Key Responsibilities
Secure and maintain microservice applications and CI/CD pipelines
Implement DevSecOps strategy in existing and new projects.
Develop security controls to harden CI/CD pipelines and continuously improve application security posture.
Conduct threat modeling and security design reviews for new projects
Work with development teams to remediate vulnerabilities in applications
Monitor security events using SIEM tools (Grafana, Loki, Azure Sentinel)
Investigate and respond to security incidents and alerts
Conduct root cause analysis and implement preventive measures
Maintain incident response playbooks, procedures and security documentation
Establish secure coding standards and provide developer training
Integrate security gates into release pipelines (Dev → Non-Prod → Prod)
Requirements
Deep understanding of OWASP Top 10 and common vulnerability classes (injection, XSS, CSRF, etc.)
Working knowledge of security frameworks: NIST Cybersecurity Framework, CIS Benchmarks, MITRE ATT&CK
Strong grasp of the Secure Software Development Lifecycle (SSDLC) and security integration points
Understanding of common exploitation techniques and mitigation strategies
Experience with cloud IAM, network security groups, VPNs, and security policies
Knowledge of encryption standards, key management, and secrets handling (Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, Akeyless)
Understanding of container security best practices (Docker, Kubernetes)
Familiarity with infrastructure as code security (Terraform, ARM templates)
Ability to read and review Java code for security vulnerabilities
Understanding of API security best practices (authentication, authorization, rate limiting, input validation)
Knowledge of authentication/authorization mechanisms (OAuth 2.0, SAML, JWT, OpenID Connect)
Experience with microservices security patterns (service mesh, mutual TLS, zero trust)
Familiarity with Spring Boot framework security features (Spring Security, etc.)
Strong proficiency with CI/CD security: GitHub, GitHub Actions
Experience integrating security tools into build pipelines (SAST, DAST, dependency scanning)
Proficiency with Git for version control and secure development workflows
Hands-on experience with security testing tools:
Required: Web app security testing (Burp Suite, OWASP ZAP, or equivalent)
Preferred: Network analysis (Wireshark, tcpdump), port scanning (Nmap), vulnerability scanning
Understanding of dependency scanning and software composition analysis (Dependabot, Snyk, etc.)
Experience with logging and SIEM platforms for security monitoring (we use Grafana, Loki, Azure Sentinel)
Ability to create security dashboards and alerts
Familiarity with log analysis and threat hunting techniques
Proficiency in at least one scripting language: Python, Bash, or PowerShell
Experience automating security testing, compliance checks, or vulnerability management
Strong communication skills, ability to explain security vulnerabilities and risks to both technical and non-technical audiences
Thrive in a distributed/remote team environment with minimal supervision
Stay current with emerging threats, vulnerabilities, and security best practices
Preferred Qualifications
Security certifications (CISSP, CEH, OSCP, Azure Security Engineer Associate)
Experience in insurance, financial services, or regulated industries
Knowledge of data privacy regulations and PII/PHI handling
Experience with Power BI security and row-level security (RLS)
Background in penetration testing or red team operations
Contributions to open-source security projects
Experience and Education
4+ years in Application Security, DevSecOps, or Software Engineering with demonstrated security focus
3+ years securing cloud environments (Azure preferred, AWS acceptable, multi-cloud experience a plus)
B.Sc. in Computer Science, Engineering, Cybersecurity, or equivalent practical experience with demonstrable security expertise (certifications, portfolio, contributions)
Apply today, or to learn more about opportunities with LexisNexis Risk Solutions or RELX Global, join us here:
https://risk.lexisnexis.com/group/careers
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers: