AVP, Security & Governance

LPL Financial | Fort Mill, SC
$125,145 - $208,575 | Onsite

About The Position

The AVP, Security & Governance role is a hands-on senior cloud security engineer within the Security & Governance pod of the Foundations team in LPL's Cloud Center of Excellence (CCOE). This position is crucial for elevating LPL's cloud security posture to meet enterprise Information Security standards and support application and infrastructure teams deploying into the AWS landing zone. The role involves close collaboration with various CCOE teams, including Network Engineering, and focuses on codifying controls in Security Hub CSPM and AWS Config, partnering with Security Engineering on Wiz signals, and supporting enterprise vulnerability management. The position requires significant hands-on work with AWS and Terraform, aiming to automate security controls and act as a security partner to engineering teams.

Requirements

  • 7+ years of progressive technical experience including 3+ years in a senior cloud security, network security, or cloud infrastructure engineering role.
  • Bachelor's degree in Computer Science, Engineering, or a related discipline (or equivalent work experience).
  • 3+ years of hands-on production AWS at scale in a multi-account landing zone with strong production Terraform delivered through Terraform Cloud and GitHub Actions.
  • 3+ years experience operating as a senior individual contributor (AVP, Senior Engineer, Staff Engineer, or equivalent), influencing technical direction and uplifting peer engineers without direct authority.
  • 3+ years experience personally participating in 24x7 production on-call rotations in a fast-paced, security-conscious, regulated environment (financial services strongly preferred).
  • 5+ years hands-on production experience codifying cloud security controls in Security Hub CSPM and AWS Config (including custom conformance packs), with awareness of the broader CSPM and control-management landscape.
  • Treats every security finding as a chance to fix a class of issues in code — prefers a one-time control change over a recurring ticket.
  • Operates as the governance voice within an engineering organization where security is everyone's responsibility.
  • Leads in a matrixed environment without direct reports: drives outcomes through partnership, code, clear technical writing, and credibility.
  • Strong partnership instincts with Security Architecture, Security Engineering, and Network Engineering peers.
  • Continuous learner, especially in cloud-native, IaC, platform engineering, and applied AI.
  • Sets vision and translates ambiguous strategy into executable engineering roadmaps.
  • Bias for self-service, automation, and reducing toil for downstream internal customers.
  • Builds high-trust relationships across the US and India organization and across functions.
  • Calm, decisive incident commander; fosters a strong post-incident learning culture.
  • Excellent written and verbal communication, executive presence, and ability to influence without direct authority.
  • Thrives in matrixed, fast-paced, regulated environments with imperfect information.

Nice To Haves

  • AWS Certified Security – Specialty
  • Hands-on production exposure to Wiz, Prisma Cloud, Lacework, Orca, or a comparable CNAPP / CSPM platform.
  • Hands-on experience with Service Control Policies (SCPs), AWS Config conformance packs (including custom packs), and policy-as-code (Sentinel, OPA / Conftest).
  • Familiarity with industry security frameworks (CIS Benchmarks, NIST 800-53, NIST CSF, FedRAMP) and translating them into automated controls.
  • Hands-on experience with AWS networking primitives (VPC, Transit Gateway, PrivateLink, Network Firewall, Route 53) and the security controls that wrap them.
  • Master's degree in Computer Science, Engineering, or MBA.
  • Experience integrating agentic AI / GenAI tooling (Cursor, Claude Code, Copilot, Bedrock, MCP) into platform, IaC, and engineering practice.
  • Strong scripting / programming proficiency in Python, Bash, or PowerShell.
  • AWS Solutions Architect - Professional
  • AWS Certified Generative AI Developer - Associate
  • HashiCorp Certified: Terraform Associate (004) or Authoring & Operations.
  • Open-source contributions, public technical writing, or conference speaking on cloud, IaC, or platform engineering topics.
  • Experience with FinOps practices and cloud cost management at scale.

Responsibilities

  • Codify and continuously improve LPL's cloud control library using Security Hub CSPM, AWS Config with custom conformance packs, and other evolving control-management systems.
  • Triage, investigate, and drive resolution of Security Hub findings within CCOE.
  • Partner with the Security Engineering team to jointly monitor Wiz signal and drive resolution of Wiz findings.
  • Contribute directly to the Account Factory for Terraform (AFT) foundational base layer, ensuring security baselines are codified into the platform.
  • Support the enterprise vulnerability management department on cloud-workload findings, assisting with triage, prioritization, and remediation guidance.
  • Operate as the security & governance partner across all CCOE teams and pods, embedding security and governance review into design, code, and delivery processes.
  • Partner closely with the Network Engineering pod on shared network-security controls.
  • Collaborate with Security Architecture and Security Engineering to evaluate, pilot, and operationalize additional security solutions.
  • Translate regulatory requirements (FINRA, SEC, PCI, SOX) into automated, code-reviewed controls.
  • Lead cloud-security incident response within CCOE's scope as a senior responder.
  • Partner with Internal Audit and Information Security on evidence collection, attestation, and audit response.
  • Drive blameless post-incident reviews to achieve durable control improvements.
  • Embed agentic AI capabilities into the team's engineering practice and the platform's self-service experience.
  • Embed agentic AI capabilities into security governance, including AI-assisted triage and automated control authoring.
  • Operate as a hands-on senior cloud engineer, focusing on Terraform code, security tooling configuration, vulnerability remediation, design reviews, and incident response.
  • Personally participate in 24x7 on-call rotations as a senior technical responder.
  • Partner with peer engineers and leadership across the Cloud Center of Excellence to align roadmaps and remove blockers.
  • Champion AWS Well-Architected Framework adoption, with an emphasis on the Security pillar.
  • Contribute to the private Terraform module library and the Account Factory for Terraform (AFT) foundational base layer.
  • Raise engineering quality across the pod through code review, design partnership, and technical pairing.
  • Participate in Agile/Scrum ceremonies.
  • Represent the pod's security posture in architecture review boards, internal audit, and customer engagements.
  • Communicate technical risk and trade-offs clearly to engineers and executives.

Benefits

  • 401K matching
  • health benefits
  • employee stock options
  • paid time off
  • volunteer time off