Sr Cloud Security Engineer/Analyst - Exposure Management en Edward Jones
Edward Jones · Tempe, Estados Unidos De América · Hybrid
- Senior
- Oficina en Tempe
Opportunity Overview
Team Overview:
The Exposure Management Team is responsible for discovering, monitoring and communicating vulnerabilities across the firm's internal and external attack surface. This includes working with internal teams and trusted third parties to discovery, classify, and prioritize assets, then drive and monitor vulnerability remediation with the goal of reducing the attackable surface.
As a member of the Security Assessments and Configuration Management Team within Exposure Management, your objective is to support and optimize the firm's ability to assess its security posture and quickly adapt to protect the business from risk. You must be highly technical and possess at least 5 years of experience in cybersecurity across multiple security domains including governance and compliance and cloud security architecture, with intermediate knowledge of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
As a team member with security experience with cloud environments, your primary responsibility will be participating with internal and external teams as the firm expands security capabilities for addressing risk and ensuring compliance throughout the entire lifecycle for cloud-native applications and infrastructure. You will participate in the design, deployment, and operation of monitoring solutions of cloud-native applications and infrastructures to ensure they align with industry best practices, firm established standards, and current business needs. As this is an advanced role, you are expected to possess administrative and troubleshooting skills, and be knowledgeable about cloud architecture, engineering, and design principles.
What You'll Do:
The Exposure Management Team is responsible for discovering, monitoring and communicating vulnerabilities across the firm's internal and external attack surface. This includes working with internal teams and trusted third parties to discovery, classify, and prioritize assets, then drive and monitor vulnerability remediation with the goal of reducing the attackable surface.
As a member of the Security Assessments and Configuration Management Team within Exposure Management, your objective is to support and optimize the firm's ability to assess its security posture and quickly adapt to protect the business from risk. You must be highly technical and possess at least 5 years of experience in cybersecurity across multiple security domains including governance and compliance and cloud security architecture, with intermediate knowledge of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
As a team member with security experience with cloud environments, your primary responsibility will be participating with internal and external teams as the firm expands security capabilities for addressing risk and ensuring compliance throughout the entire lifecycle for cloud-native applications and infrastructure. You will participate in the design, deployment, and operation of monitoring solutions of cloud-native applications and infrastructures to ensure they align with industry best practices, firm established standards, and current business needs. As this is an advanced role, you are expected to possess administrative and troubleshooting skills, and be knowledgeable about cloud architecture, engineering, and design principles.
What You'll Do:
- Partner with business, technology, and security teams to maintain and enhance the firm's cloud security capabilities for cloud-native applications and infrastructure.
- Partner with security teams to identify misconfigurations and vulnerabilities, assess security risk, recommend priority, and recommend mitigations to maintain the security posture of the firm.
- Assist security teams by providing data and analysis of the security posture of cloud-native applications and infrastructures.
- Participates in the reviews of vendor capability demonstrations, proof-of concept testing, and vendor contract negotiation.
- Stay apprised of current and proposed changes impacting regulatory, privacy, and security for cloud-native applications and infrastructure Apply learned knowledge across key lines of business, including products, practices, and procedures.
- Develop and improve key metrics for demonstrating the effectiveness of the program.
- Analyze misconfigurations and vulnerabilities to determine security risk and priority.
Position Type
Home Office
Position Schedule
Full-Time
EEO Statement
Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.
Posting Location
Arizona, Tempe, Missouri, St. Louis
Company Description
Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we’re proud to be privately-owned, placing the focus on our clients rather than shareholder returns.
Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.
People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.
View our Purpose, Inclusion and Citizenship Report.
¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.
Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging.
People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career.
View our Purpose, Inclusion and Citizenship Report.
¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.
External Flexible Work Option(s)
Hybrid, Remote
Awards and Accolades
At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.
Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones
Country
United States
Search Headquarters Positions by Area of Interest
TECHNOLOGY
Position Requirements
What Experience You'll Need:
**Candidates that live within in a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.**
- Bachelor's degree in Information Technology, Telecommunications, or Engineering is preferred or related work experience.
- 5+ years of experience in cybersecurity as a practitioner and at least 2+ years of exposure with one of the following: Amazon Web Services (AWS) or Microsoft Azure. Knowledgeable of security principles for Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
- Knowledge and understanding of misconfiguration and vulnerabilities of cloud-native applications and infrastructure.
- Experience in security operations, especially in security configuration management of cloud-native applications and infrastructure. Experience in the deployment, configuration, and/or operation of cloud security tools is considered a plus.
- Ability to work as an individual and within a fast-paced, collaborative environment.
- Familiarity with DevSecOps methodology and Agile frameworks
- Strong written and verbal communication skills since you will be required to frequently interact with business and technical stakeholders.
- Ability to apply critical thinking, analyze scenarios, consider other perspectives, factors, and dependencies to ensure an effective tactical and strategic direction to address complex problems.
- Working knowledge of various industry compliance standards, regulatory requirements and laws including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA), ISO 27001/2, ITIL or NIST.
**Candidates that live within in a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.**
Salary Information
Edward Jones' compensation and benefits package includes medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness), short- and long-term disability, basic life, and basic AD&D coverage. Short- and long-term disability, basic life, and basic AD&D coverage are provided at no cost to associates. Edward Jones offers a 401k retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account. Edward Jones observes ten paid holidays and provides 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism. Associates may be eligible for bonuses and profit sharing. All associates are eligible for the firm's Employee Assistance Program. For more information on the Benefits available to Edward Jones associates, please visit our benefits page.
