Email Security Engineer

Come join one of America's fastest-growing insurance companies. Since 1848, National Life Group has aimed to keep our promises, providing families with stability in good times and in bad. Throughout that history, we have provided peace of mind to those families as they plan their futures.

Our mission extends beyond the insurance and annuities policies that we offer. We strive to make the world a better place through our grants from our charitable foundation, paid volunteer time for our employees, environmentally sustainable and healthy workplaces, and events that promote the work of nonprofits in our own backyard.

We foster a collaborative environment with opportunities for growth and encourage our associates to live our values: Do good. Be good. Make good.

Please note that we do not offer visa sponsorship for this position.

Email is the number one attack vector and here, you'll be the trusted expert who takes our defenses to the next level.  In this hands-on role, you'll architect and refine cutting-edge security controls using the latest in Proofpoint, Microsoft Office 365, Exchange Online Protection, and Microsoft Purview DLP to stay ahead of phishing, business email compromise, and data loss threats.  You'll have the freedom to innovate, experiment with new solutions, and champion fresh ideas that drive real results.

Grow your skills and make a difference.  Our team thrives on collaboration and knowledge-sharing, and we believe in leading by example.  You'll automate successful strategies, quickly adapt from lessons learned, and help shape our security roadmap.  Leaders here empower you to test new approaches and encourage ongoing personal and professional development, so your contributions will have a direct and meaningful impact.

Join a culture built on purpose and progress.  We keep things simple: Do good. Be good. Make good.  You'll be supported by a team that values thoughtful experimentation and growth, ensuring your work matters for our organization and for your career.

This position currently offers an onsite work schedule, with the expectation that you are in the office four (4) days per week during onsite core days. Our current onsite core days are Monday, Tuesday, Wednesday, and Thursday.  The work schedule type and core days are subject to change with advance notification and manager discretion.

Essential Duties and Responsibilities

• Engineer and operate advanced email protections in Proofpoint and Microsoft Defender for Office 365 (including Exchange Online Protection, Safe Links/Safe Attachments, impersonation safeguards) with continuous tuning to cut false positives and boost catch rates.
• Engineer and operate Microsoft Purview DLP for Exchange Online.  Design classification labels and enforcement rules with defined exceptions to stop data exfiltration.  Use split tests and drift monitoring to sustain policy effectiveness.
• Harden trust and identity for mail: SPF/DKIM/DMARC strategy, DMARC enforcement and reporting, display name/VIP impersonation controls, external tag strategy, QR code phishing and Business Email Compromise patterns.
• Investigate and respond: lead deep-dive investigations on phishing campaigns; provide actionable post-incident improvements.
• Cross-team force multiplier: improve detections and execute response with Security Monitoring & Response, lock down access with IAM, ensure compliance fit with GRC, and make the fix stick with Security Architecture and Infrastructure.
• Automate and integrate: build playbooks and API/SOAR hooks for triage, enrichment, and response (e.g., auto-pull/recall, bulk purge, VIP watchlists, threat intel lookups).
• Measure what matters: define metrics (catch rate, FP rate, MTTD/MTTR for mail events, DLP signal quality) and share insights that drive roadmap priorities.
• Document and mentor: publish standards, playbooks, and quick-wins; coach peers, and champion secure-by-default patterns for email workflows.

Minimum Qualifications

• 5+ years in Information Security with 2+ years focused on email security engineering/operations.
• Hands-on experience with Proofpoint email security, including Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP); policy tuning; Data Loss Prevention integration; and quarantine workflows.  Proficiency with Microsoft Defender for Office 365 and Exchange Online Protection (EOP); configuring Safe Links and Safe Attachments; conducting advanced hunting; and performing header and mail flow troubleshooting. 
• Email DLP platform expertise (Microsoft Purview preferred).  Define and maintain the label taxonomy; tune rules and detectors including Exact Data Match (EDM) and regex; establish exception governance; and run testing at scale.
• Mail flow and identity depth across Exchange Online, connectors, transport rules, header analysis, and DNS; SPF/DKIM/DMARC design and enforcement; and vanity domain lifecycle for email: subdomain design and naming, DNS ownership and hygiene, third-party sender onboarding and alignment, and ongoing deliverability and blocklist monitoring.
• Strong scripting (PowerShell or Python), API/automation comfort, and a metrics-first mindset.
• Clear communication, able to turn complex findings into crisp recommendations for engineers, business stakeholders and leadership.

Nice to have:

• Certifications: CISSP, Proofpoint certifications, Microsoft SC-200 or SC-400.
• Experience: Brand Indicators for Message Identification (BIMI) and brand protection.  Experience with Security Orchestration, Automation, and Response (SOAR).  Exposure to email threat intelligence enrichment.

Benefits

• Your benefits start day one and are flexible and customizable to your and your family's specific needs. Check out the BENEFITS of a Career at National Life!

Base Pay Range.  The base pay range for this position is the range National Life reasonably and in good faith expects to pay for the position taking into account the wide variety of factors, including: prior experience and job-related knowledge; education, training and certificates; current business needs; and market factors.  The final salary or hourly wages offered may be outside of this range based on other reasons and individual circumstances.

Additional Compensation and Benefits. The total compensation package for this position may also include a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. The successful candidate may also be eligible to participate in National Life's discretionary annual incentive programs, subject to the rules governing such programs. If hired, the employee will be in an "at-will position" and National Life reserves the right to modify base salary (as well as any other discretionary payment or compensation or benefit program) at any time, including for reasons related to individual performance, company or individual department/team performance, and market factors.

National Life is accepting applications for this role on an ongoing basis and the role remains open until filled.

Salary Pay Range

$93,750—$137,500 USD

National Life Group is a trade name of National Life Insurance Company, Montpelier, VT - founded in 1848, Life Insurance Company of the Southwest, Addison, TX - chartered in 1955, and their affiliates. Each company of National Life Group is solely responsible for its own financial condition and contractual obligations. Life Insurance Company of the Southwest is not an authorized insurer in New York and does not conduct insurance business in New York. Equity Services, Inc., Member FINRA/SIPC, is a Broker/Dealer and Registered Investment Adviser affiliate of National Life Insurance Company. All other entities are independent of the companies of National Life Group.

Fortune 1000 status is based on the consolidated financial results of all National Life Group companies.

Social Media Policy

Site Disclosure and Privacy Policy

National Life Group

1 National Life Dr

Montpelier, VT 05604