As a Senior Security Engineer in Marketing Technology (MarTech), you will pioneer industry-leading technologies and toolsets to enable our developers to innovate in record time. We are looking for an experienced security professional who will bring a vision to the role and have a strong background in partnering with other departments, primarily non-engineering teams, to develop secure practices. Ideally, you will have broad expertise in security standards, practices, tools, and technologies applicable to online financial services with extensive integrations with third-party systems.
About The Team:
Our industry, now more than ever, is built upon the principles of rapid innovation, agile development and testing, continuous deployment, and ultimately faster time to market for applications. The DevSecOps team at Vanguard is a core driver of these principles. The team is searching for a senior engineer with proven experience in owning projects, identifying and leading implementation of new technology, developing standards, and mentoring team members. DevSecOps is central to the entire department's operations, and as such, the successful candidate will have input to technology and implementation decisions across the organization.
In this role, you will:
Design, deploy, manage, and improve critical security infrastructure services/tools for authentication and authorization, PKI, secrets management, logging, detection, vulnerability management, and application security.
Ensure technology implementation and product development methodology aligns with information security policies and improves security posture.
Responsible for threat management, security monitoring, trend correlation, and incident management, including security violations and exceptions.
Provide recommendations on security requirements to be included in product design and security testing.
Provide recommendations to the Risk Management Framework process activities and related documentation
Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
Assess risk arising from third parties, vendors, and partners in our ecosystem and design controls to mitigate such risks
Part of the security incident response team.
An ideal candidate will have:
8+ years of hands-on security experience
Must have hands-on expertise operating in an AWS environment with mastery of architecture and security capabilities in the cloud
Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics
Deep understanding of Linux operating systems
In-depth knowledge of CVSSv3, CWE, OWASP Top 10, and CWE/SANS TOP 25 Most Dangerous Software Errors
Outstanding written and oral communications skills with the ability to develop internal processes and articulate assessment results with internal partners
Continuously seek to develop new skills and technical expertise, as well as proactively share knowledge with others
Experience with various public cloud services Using AWS / Azure / GCP is strongly preferred
Bachelor's degree in a relevant technical field/equivalent knowledge and experience
What sets you apart:
Experience in security incident response preferred
Experience in software development (C/C++, Java, or Python) preferred
Certification in one or more of the following: CISSP, CASP, Security+, CISA, GSEC, CAP, SCNA, SCNP, SSCP, GSLC, GSE, CCNA
AWS and or Azure Professional level certification (Solutions Architect, DevOps Administrator, or Developer)
Vanguard is not offering sponsorship for this role
We are Vanguard. Together, we’re changing the way the world invests.
For us, investing doesn’t just end in value. It starts with values. Because when you invest with courage, when you invest with clarity, and when you invest with care, you can get so much more in return. We invest with purpose – and that’s how we’ve become a global market leader. Here, we grow by doing the right thing for the people we serve. And so can you.
We want to make success accessible to everyone. This is our opportunity. Let’s make it count.
Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.”
We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values.
When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose.
Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.