AppSec Jobs
← Back to all jobs

MetLife

Director of Investments DevSecOps and QA

Whippany, NJWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About MetLife

MetLife, Inc. is a prominent global financial services company that specializes in insurance, annuities, employee benefits, and asset management. Founded in 1868, it operates in over 40 countries and employs approximately 46,500 people. The company has a rich history, beginning as the National Union Life and Limb Insurance Company, and has evolved to become a leader in the life insurance market. MetLife offers a wide range of financial protection and savings solutions. Its core products include individual and group life insurance, annuities, retirement and savings products, as well as medical, dental, and accident insurance. The company also provides employee benefit programs and specialized solutions tailored to meet the needs of both individual consumers and businesses. With a strong international presence, MetLife serves around 90 million customers, including many of the largest Fortune 500 companies, through various distribution channels.

Industry

insurance

Employees

45,000

2275 engineers

Revenue

$70B

Website

Visit →

Security at MetLife

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

MetLife operates as a "DevSecOps-first engineering organization" with a mission to "Champion DevSecOps best practices and contribute to the Enterprise DevSecOps Center of Excellence." Their philosophy emphasizes developer enablement through tools like "GitHub Enterprise (with GitHub Advanced Security and Copilot)" and the implementation of "automated security scanning (SAST/DAST, dependency scanning) and vulnerability management." Strategically, the firm is "targeting a cyber maturity level beyond Level 4" while "unifying the security stack to reduce complexity." A current priority includes managing "access control and data classification, especially as AI tools like Microsoft Copilot are rolled out," alongside maintaining "annual assessments for all vendors, including penetration testing."

Security Team

  • The AppSec program is part of a global technology and operations structure.
  • Key leadership includes Dan Antilley (CISO), who has a history of building the company's AppSec and Insider Threat programs. Other public-facing leaders include Aaron Ades (Deputy CISO and Vice President) and Matthew Duckworth (Director of IT Risk and Security, Asia Operations).
  • The team size is estimated at approximately 40 security-related roles in the United States based on recent job aggregator signals.

Key Initiatives

MetLife is actively implementing "automated security scanning (SAST/DAST, dependency scanning)" within their pipelines. A significant regional initiative involved using Azure DevOps to "implement industry best practices for development security operations (DevSecOps)" which successfully "reduces automated development security operations tests and builds to under an hour." There is currently no public evidence of a formal 'Security Champions' program or specific vulnerability triage SLAs.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.