Are you a team player? Are you curious to learn? Are you interested in working on meaningful projects? Do you want to work with cutting-edge technology? Are you interested in being part of an innovative team that builds products which are transforming the organization? If so, LPL Financial is the place for you!
LPL Financial (Nasdaq: LPLA) was founded on the principle that the firm should work for the advisor, and not the other way around. Today, LPL is a leader in the markets we serve, supporting more than 22,000 financial advisors, 1,100 institution-based investment programs, and 500 independent RIA firms nationwide. We are steadfast in our commitment to the advisor-centered model and the belief that Americans deserve access to personalized guidance from a financial advisor. At LPL, independence means that advisors have the freedom they deserve to choose the business model, services, and technology resources that allow them to run their perfect practice. And they have the freedom to manage their client relationships, because they know their clients best. Simply put, we take care of our advisors, so they can take care of their clients.
Job Overview:
As a member of the Information Security team, the Principal Cloud Code Security Engineer will be responsible for developing, maturing, and sustaining the Cloud Security program with an emphasis on Infrastructure as Code security. This position will partner with the Application Security, Cloud Engineering/Operations, and Security Engineering teams to ensure that company private cloud resources are securely deployed through established automated pipelines.
Responsibilities:
- Implement and maintain appropriate controls within the CI/CD pipelines used to deploy cloud resources to ensure that resources are securely designed and deployed.
- Review Infrastructure as Code scripts and code repositories using Terraform to identify potential security issues or noncompliance with coding best practices.
- Implement and maintain tools to perform automated security scanning/analysis of Infrastructure as Code, containers, and serverless functions.
- Review security scan results and work with Application Development and Cloud Engineering teams to prioritize remediation efforts, review potential false positives and evaluate potential mitigating factors.
- Produce and track routine reports/metrics on security vulnerabilities, coding deficiencies, and exposures.
- Mentor and educate other teams within the organization on secure development and cloud security best practices.
- Monitor and review CVEs, and industry developments, and provide inputs for continuous improvement.
- Work with Internal Audit, IT Governance, IT Compliance and other key stakeholder groups on specific projects to ensure compliance with applicable regulatory requirements.
- Act as an SME in the area of Cloud and Code Security.
What are we looking for?
We want strong collaborators who can deliver a world-class client experience . We are looking for people who thrive in a fast-paced environment, are client-focused, team oriented , and are able to execute in a way that encourages creativity and continuous improvement .
Requirements:
- 8+ years of Cloud experience specifically working with AWS and Azure environments.
- 6+ years of experience specifically working with Infrastructure as Code (Terraform) and helping to secure automated Cloud deployment pipelines.
- 5+ years of experience using Cloud Security and IAC scanning tools including Prisma Code Security or similar tools.
- 5+ years of experience with reviewing and analyzing vulnerabilities, including cloud-related issues, and tracking closure of vulnerabilities.
Preferences:
- Bachelor’s Degree or equivalent in Information Security, Engineering, or Computer Science.
- Experience developing Infrastructure as Code using tooling such as Terraform, Cloud Formation, or HashiCorp.
- Expert-level knowledge in securing Infrastructure as Code scripts and Cloud resource deployments.
- Expert-level knowledge of the major Cloud platforms and their associated resources, common cloud misconfigurations/vulnerabilities and how to securely deploy each resource type.
- Experience working with Cloud Security Posture Management (CSPM) technologies such as Wiz, Prisma, Laceworks, Orca and Compute Security tools such as Twistlock and Aquasec.
Pay Range: $143,100.00 - $238,500.00. Actual base salary varies based on factors, including but not limited to, relevant skill, prior experience, education, base salary of internal peers, demonstrated performance, and geographic location. Additionally, LPL Total Rewards package is highly competitive, designed to support your success at work, at home, and at play – such as 401K matching, health benefits, employee stock options, paid time off, volunteer time off, and more. Your recruiter will be happy to discuss all that LPL has to offer!
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lplfinancial.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (855) 575-6947.
#J-18808-Ljbffr