Core Responsibilities

• Defines and owns the technical architecture for CSPM tooling, automation platforms, and integration frameworks — ensuring they scale reliably across thousands of cloud accounts and multiple business units.

• Designs system-level patterns (event-driven pipelines, API contracts, data models) that other engineers build on — establishing the foundational approach for how security findings flow from detection through prioritization to remediation.

• Drives architectural decisions on platform extensibility, service boundaries, and data ownership — balancing near-term delivery against long-term maintainability as the program grows.

• Architects auto-remediation and shift-left enforcement systems that operate at org scale — designing for fault tolerance, auditability, and graceful degradation when upstream systems change.

• Evaluates and selects tooling, frameworks, and integration patterns that the broader team adopts — owning the technical standards for how CSPM systems connect to enterprise infrastructure (CI/CD, CMDB, ITSM, identity providers).

• Partners with engineering leadership across Platform, DevOps, SRE, and application security teams to align on shared interfaces, data contracts, and remediation workflows that reduce friction at organizational boundaries.

• Leads technical design reviews and mentors engineers on the team — raising the bar on code quality, system thinking, and operational readiness.

• Shapes the technical roadmap for AI-assisted security capabilities — evaluating where machine learning and LLM-based automation can meaningfully reduce risk or operational burden, and architecting the systems to deliver them.

Qualifications

• Minimum of five years related work experience required, with two years experience in cloud security preferred.

• Undergraduate degree in a related field or the equivalent combination of training and experience.

• Proficiency in Python, Go or TypeScript - production-grade, not just scripting

• Strong background in distributed systems concepts: event-driven architectures, async processing, API design, observability

• Hands-on experience across at least one of: AWS, GCP, Azure — at the level of org-wide account structures, landing zones, and cross-account security patterns and IAM at scale.

• Track record of influencing technical direction beyond your immediate team

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.