Software Engineer III

Job Description About The Business LexisNexis Risk Solutions is the essential partner in the assessment of risk. Within our insurance vertical, we provide customers with solutions and decision tools that combine public and industry-specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. Our insurance risk solutions help drive better data-driven decisions across the insurance policy lifecycle all while reducing risk. You can learn more about LexisNexis Risk at the link below.https://risk.lexisnexis.com/insurance About Our Team You will be working with our development teams on securing Java Spring Boot microservice applications deployed to our AWS and Azure cloud platforms. Our team follows DevSecOps principles, integrating security throughout the software development lifecycle. We value collaboration, continuous learning, and building security capabilities that enable developers rather than block them. You'll work as part of a cross-functional organization including: - Development teams(backend Java microservices, frontend typescript, data engineering python) - SRE/Platform engineersmanaging AWS and Azure infrastructure - Product managersand business analysts defining requirements - Security peersacross the broader LexisNexis Risk organization - External partners: InfoSec, compliance teams, and third-party security vendors About The Role As a Security Engineer, you will be the security champion for our cloud-native microservices platform. You will develop and maintain security controls, harden CI/CD pipelines, and work closely with development teams to build secure, resilient applications. The ideal candidate has deep understanding of system internals and common attack vectors, demonstrating practical knowledge of DevSecOps practices and cloud security on Azure and/or AWS platforms. You will be familiar with the Secure Software Development Life Cycle and have experience implementing security controls in modern microservices architectures. Key Responsibilities - Secure and maintain microservice applications and CI/CD pipelines - Implement DevSecOps strategy in existing and new projects. - Develop security controls to harden CI/CD pipelines and continuously improve application security posture. - Conduct threat modeling and security design reviews for new projects - Work with development teams to remediate vulnerabilities in applications - Monitor security events using SIEM tools (Grafana, Loki, Azure Sentinel) - Investigate and respond to security incidents and alerts - Conduct root cause analysis and implement preventive measures - Maintain incident response playbooks, procedures and security documentation - Establish secure coding standards and provide developer training - Integrate security gates into release pipelines (Dev Non-Prod Prod) Requirements - Deep understanding ofOWASP Top 10and common vulnerability classes (injection, XSS, CSRF, etc.) - Working knowledge of security frameworks:NIST Cybersecurity Framework,CIS Benchmarks,MITRE ATT&CK - Strong grasp of theSecure Software Development Lifecycle (SSDLC)and security integration points - Understanding of common exploitation techniques and mitigation strategies - Experience with cloud IAM, network security groups, VPNs, and security policies - Knowledge of encryption standards, key management, and secrets handling (Azure Key Vault, AWS Secrets Manager, HashiCorp Vault, Akeyless) - Understanding of container security best practices (Docker, Kubernetes) - Familiarity with infrastructure as code security (Terraform, ARM templates) - Ability to read and reviewJava codefor security vulnerabilities - Understanding of API security best practices (authentication, authorization, rate limiting, input validation) - Knowledge of authentication/authorization mechanisms (OAuth 2.0, SAML, JWT, OpenID Connect) - Experience with microservices security patterns (service mesh, mutual TLS, zero trust) - Familiarity withSpring Boot frameworksecurity features (Spring Security, etc.) - Strong proficiency withCI/CD security: GitHub, GitHub Actions - Experience integrating security tools into build pipelines (SAST, DAST, dependency scanning) - Proficiency withGitfor version control and secure development workflows - Hands-on experience with security testing tools: - Required: Web app security testing (Burp Suite, OWASP ZAP, or equivalent) - Preferred: Network analysis (Wireshark, tcpdump), port scanning (Nmap), vulnerability scanning - Understanding of dependency scanning and software composition analysis (Dependabot, Snyk, etc.) - Experience with logging and SIEM platforms for security monitoring (we useGrafana,Loki,Azure Sentinel) - Ability to create security dashboards and alerts - Familiarity with log analysis and threat hunting techniques - Proficiency in at least one scripting language:Python,Bash, orPowerShell - Experience automating security testing, compliance checks, or vulnerability management - Strong communication skills, ability to explain security vulnerabilities and risks to both technical and non-technical audiences - Thrive in a distributed/remote team environment with minimal supervision - Stay current with emerging threats, vulnerabilities, and security best practices Preferred Qualifications - Security certifications (CISSP, CEH, OSCP, Azure Security Engineer Associate) - Experience in insurance, financial services, or regulated industries - Knowledge of data privacy regulations and PII/PHI handling - Experience with Power BI security and row-level security (RLS) - Background in penetration testing or red team operations - Contributions to open-source security projects Experience And Education - 4+ years in Application Security, DevSecOps, or Software Engineering with demonstrated security focus - 3+ yearssecuring cloud environments (Azurepreferred,AWSacceptable, multi-cloud experience a plus) - B.Sc. in Computer Science, Engineering, Cybersecurity, or equivalent practical experience with demonstrable security expertise (certifications, portfolio, contributions) Apply today, or to learn more about opportunities with LexisNexis Risk Solutions or RELX Global, join us here: https://risk.lexisnexis.com/group/careers www.relx.com/careers/join-us