Build IT that develops financial futures
In this role, you will be a key member of Vanguard’s DevSecOps Engineering team within the Enterprise MarTech Platforms organization. This team is responsible for driving continuous improvement, automation, security, and release management best practices across the software development lifecycle as new MarTech platforms and capabilities are planned and implemented across Vanguard divisions.
As the Lead DevOps Security Engineer, you will interpret business use cases, marketing platform requirements, and solution designs to develop overall testing strategies, end-to-end test plans and scenarios in support of Agile MarTech delivery initiatives. You have comprehensive knowledge of Continuous Integration/Continuous Development (CI/CD) protocols, processes, and deployment automation tools.
In this role, you will:
- Work side by side with developers/engineering to ensure security protocols and considerations are embedded into the software development lifecycle, not just added on at the end / prior to production release. Provide security techniques and expertise to ensure the MarTech infrastructure services meet Vanguard’s security requirements/certifications. Support the DevOps team to solve operational issues and develop automation enhancements.
- Work with the DevSecOps team for the design and development of security solutions using the approved automation and CI/CD tooling
- Recognize areas for security improvements within the cloud platform around automation and CI/CD, access controls, network, automated compliance, alerting, forensics, etc.
- Manage the development, refresh and implementation of security policies, standards, guidelines and procedures
- Run, facilitate and support testing, and validate security-related alerting, incident responses, countermeasures, SOC, operational processes, forensics, etc.
- Define and support secure continuous delivery approaches including tooling and automated testing
- Work closely with our internal InfoSec team and be the primary engineering contact related to all things security.
- Own and manage our security vulnerability monitoring and intrusion detection systems. Ensure we are proactively fixing issues raised. Manage the interactions with the company's outsourced SOC, and the WAF.
- Develop internal tooling for automatic deployment of security patches to our production infrastructure.
- Build out, test and maintain disaster recovery solutions and tabletop exercises.
- Architect and implement solutions necessary to address security audits and compliance efforts. Knowledge of SOC 2, ISO 27001 and PCI is a plus.
- Work with external security testing vendors to coordinate pen testing of our platform and network. Coordinate any necessary fixes with the engineering team. Support the outsourced bug bounty program.
- Work closely with the applications and infrastructure engineering teams to ensure we are considering security when architecting and building new systems. Ensure that security solutions are architected with developer velocity and efficiency in mind. Identify and develop tools to aid this process.
- Develop tools to automate the ongoing security auditing of IAM permissioning and other AWS configurations
- Participate in an on-call rotation with the engineering team.
What it takes:
- B.S. in Computer Science or another technical field preferred, but not required.
- 3+ years of experience working in a Software Engineering role
- 3+ years of experience working in a DevOps role
- 3+ years of experience working in a Security role handling cloud infrastructure
- Experience securing AWS deployments.
- Experience turning feedback from security analysis tools (Threatstack, Amazon Inspector, etc.) into infrastructure improvements
- Familiarity with Docker and container orchestration tools like Kubernetes
- Experience managing and automating large AWS deployments
- Strong foundation in programming, algorithms, and software application design
- Passion for solving challenging problems and iterating quickly