Staff Engineer
Marsh McLennan is seeking candidates for the following position.
What can you expect?
• Lead the application development within Marsh McLennan as a technical expert and mentor • Drive security excellence through hands-on code reviews, architecture guidance, and technical leadership • Create and maintain security-focused boilerplate code, libraries, and frameworks for development teams • Serve as the technical bridge between security requirements and engineering implementation • Shape the security posture of applications through deep technical involvement in the development lifecycle
What is in it for you?
• Marsh McLennan offers competitive employee benefits and a thriving culture • A company with a strong Brand and strong results to match • Employee Resource Groups which provide access to leaders, relevant volunteer and mentoring opportunities, and interactions with counterparts in industry groups and client organizations • Competitive pay (salary and bonus potential), Full benefits package – starting day one (medical, dental, vision, STD/LTD, life insurance, RSP (Retirement Savings Plan) or TFSA (tax free savings account)) • Tuition Reimbursement plan and participation in our Employee Stock Purchase Plan • Entitled to vacation, floating holidays, time off to give back to your community, sick days, and provincial/national holidays (with early dismissal)
We will count on you to:
Technical Leadership & Code Quality
• Conduct comprehensive security-focused pull request reviews across multiple applications and technology stacks
• Design, develop, and maintain reusable security libraries, frameworks, and boilerplate code for development teams
• Establish and enforce secure coding standards through technical guidance and code review processes
• Create and maintain security-focused development tools, linters, and automated checks
Architecture & Design
• Review and provide technical input on application architectures from a security perspective
• Participate in design reviews and technical discussions to ensure security best practices are embedded from the ground up
• Perform threat modeling and security architecture assessments for new and existing applications
• Collaborate with engineering teams to design secure, scalable solutions that meet business requirements
Security Champion Leadership
• Serve as the senior technical member within the Security Champion community across MMC
• Mentor and guide other security champions, providing technical expertise and best practice guidance
• Lead technical discussions regarding proposed changes to Application Security Standards and guidelines
• Act as resident security expert and technical consultant across multiple application portfolios
Development & Implementation
• Actively contribute to secure application development through hands-on coding and technical implementation
• Integrate security controls and features into applications (RBAC, authentication, authorization, encryption, etc.)
• Develop and maintain security testing frameworks and automated security validation tools
• Contribute to the design and implementation of security infrastructure and deployment pipelines
Standards & Process
• Establish and maintain technical security standards, guidelines, and best practices for development teams
• Provide technical guidance on vulnerability assessment, triaging, and remediation approaches
• Review and validate security incident remediation, including secrets management and disposal
• Ensure alignment with industry standards (OWASP Top 10, SANS Top 25, CWE) and internal security policies
Collaboration & Communication
• Work closely with development teams, product owners, and architects to integrate security seamlessly into the development process
• Serve as technical liaison between development teams and global information security
• Provide technical training and knowledge sharing sessions on secure development practices
• Communicate complex security concepts clearly to both technical and non-technical stakeholders
What you need to have:
Technical Expertise
• Bachelor's degree in Computer Science, Engineering, or equivalent technical experience
• 7+ years of software development experience with strong engineering fundamentals
• Expert-level proficiency in multiple programming languages (JavaScript/TypeScript, Python, Java, C#, etc.)
• Deep understanding of modern application architectures, microservices, and cloud platforms (Azure, AWS)
• Extensive experience with CI/CD pipelines, DevOps practices, and infrastructure as code
• Advanced knowledge of secure coding practices, common vulnerabilities, and security testing methodologies
Security Specialization
• Advanced expertise in application security principles, practices, and industry standards
• Experience with security testing tools (SAST, DAST, IAST, dependency scanning)
• Deep understanding of authentication, authorization, cryptography, and secure communication protocols
• Knowledge of threat modeling methodologies and security architecture patterns
• Experience with security frameworks and compliance requirements (SOC 2, ISO 27001, NYDFS, etc.)
Leadership & Communication
• Proven track record of leading technical initiatives and mentoring development teams
• Excellent communication skills with ability to influence and educate technical and non-technical audiences
• Experience working in distributed, cross-functional teams across multiple time zones
• Strong problem-solving skills with ability to balance security requirements with business needs
What makes you stand out:
Technical Excellence
• Demonstrated ability to architect and implement enterprise-scale security solutions
• Experience building and maintaining security-focused development tools and frameworks
• Deep expertise in multiple technology stacks and ability to quickly adapt to new technologies
• Track record of successfully implementing security controls in complex, distributed systems
Leadership & Impact
• Experience leading security transformation initiatives within large organizations
• Proven ability to influence engineering culture and drive adoption of security best practices
• Experience with site reliability engineering (SRE) practices and security operations
Innovation & Continuous Learning
• Active participation in security communities, conferences, and open-source projects
• Proactive approach to staying current with emerging security threats and technologies
• Experience with AI/ML security considerations and secure integration of LLM technologies
• Demonstrated ability to translate business requirements into technical security solutions
Marsh McLennan (NYSE: MMC) is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit marshmclennan.com, or follow on LinkedIn and X.
Marsh McLennan is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, caste, disability, ethnic origin, family duties, gender orientation or expression, gender reassignment, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.
Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.