Responsible for execution of Invesco’s enterprise vulnerability and security patch management capability across hybrid and cloud-native infrastructure. This role focuses on reducing material risk at scale through automation-first engineering, high-fidelity data, and AI-assisted prioritization, enabling faster, smarter remediation decisions across complex environments.

As part of a dedicated infrastructure security engineering team, you will play a key role in protecting Invesco’s platforms, data, and reputation by driving continuous improvement across the vulnerability lifecycle—from asset discovery and signal quality to remediation orchestration. Demonstrate through key metrics, challenges and success.

You'll oversee the execution of vulnerability lifecycle automation (on-prem and cloud), accuracy and enrichment of vulnerability and asset data to improve prioritization and ownership, development of meaningful metrics, adoption and advancement of AI-assisted risk scoring, forecasting, and remediation decision support.

This role works closely with infrastructure, cloud and platform engineering teams along with global security teams.

• Subject matter expert on Security patch deployment methodologies and tools based on best industry practice.

• Responsible for risk assessment, deployment activities, scheduling and prioritization.

• Comfortable using AI tools to classify, enrich and prioritize security data, detect anomalies and trends.

• Responsible for reporting back on progress of compliance; contribute to creating metric reports that track team success. Drive accountability to ensure Invesco risk profile is maintained to zero breach in compliance.

• Ensure tools used in the role to maintain accurate and effective risk profile

• Identify opportunities to improve process and tools that would gain either capacity in the team or reduce time taken to close out vulnerabilities.

• Provide technical assistance and lead response to audit reports, including creation of professional documents that would be shared at a senior executive level.

• Act as a mentor and guide to other Team members. Deputize in the absence of line Manager whilst acting as a technical lead on cross-team initiatives.

• Drive a culture of continuous improvement, experimentation and lead projects/initiatives where required.

• Technical mindset with proven experience working in Infrastructure environment in the past 8-10+ years

• Experience in managing cyclical security deployment program(s)

• Proven experience working in any of the following technology environments; Microsoft Operating Systems, CISCO Networks, UNIX/Redhat

• Worked in Financial services industry for a minimum of 5 years.

• Superior written and oral communication skills, working in a global enterprise organization

• Strong skill base (5+ years) using legacy Microsoft End point Management (MECM)

• Demonstrate use, management and interpretation of Security scanning tools such as Wiz and Qualys

• Practical experience of prioritizing remediations plans based on risk score classifications

• Designing and implementing automation pipelines for patch orchestration, validation and reporting and exception handling

• Leverage AI/ML techniques to identify duplicate, inaccurate or noisy vulnerability data, including forecasting emerging exploit-based risks

• API-first mindset

• Advanced scripting, automation in PowerShell, Python, Microsoft Power Automate

Knowledge:

• Familiar with ServiceNow and ITIL Framework

• Strong PowerBI, Windows Operating systems (Server and Desktop), advanced use of O365 products, in particular Excel and manipulation of extensive data sets

• Proven automation / scripting-based skills to enable enterprise wide deployments or methodologies associated with

• Interpret and provide written recommendations on how vulnerabilities present a threat in a multitude of Technology platforms (stated above), the challenges associated to the environment that enable gauging risk profile

• Proficient in working within regulated Change Management environment, focus on risk and impact

• Desirable (not essential) Red Hat Satellite Server

• Deep hands-on experience, across enterprise cloud environments such as AWS and Microsoft Azure/M365 (Intune)

• Solid understanding of vulnerability industry standard scoring mechanisms such as CVSS, EPSS, KEV.

• Proven ability to improve fidelity of vulnerability and asset data (correlating across CMDB, Cloud discovery and scanner output).

• Building and maintaining PowerBI dashboards for analytical purpose that create insight to action

Preferred Qualifications:

Industry-recognized cloud platform certifications (foundational and/or associate/advanced), across enterprise cloud environments including but not limited to;

• Microsoft 365 Certified: Endpoint Administrator Associate/Expert/Security Specialization

• Windows Server Hybrid Administrator Associate

• Azure Administrator/Security/Hybrid/Networking

• Microsoft Certified: Security Operations Analyst Associate

• AWS Foundation/Associate/Professional

• AWS Certified Security Specialist/DevOps/Solutions Architect

Pursuant to Invesco’s Workplace Policy, employees are expected to comply with the firm’s most current workplace model, which as of October 1, 2025, includes spending at least four full days each week working in an Invesco office. This reflects our belief that spending time together in the office helps us build stronger relationships, collaborate more easily, and support each other’s growth and development.

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.