Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
LPL Financial

AVP, AWS Security Engineer

LPL Financial

AVP, AWS Security Engineer ensuring cloud security posture at LPL Financial. Collaborating with multiple teams to raise security standards in a fast-paced environment.

Posted 6/26/2026full-timeAustin • North Carolina, Texas • 🇺🇸 United StatesLead💰 $125,145 - $208,575 per yearWebsite

Tech Stack

Tools & technologies
AWSCloudTerraform

About the role

Key responsibilities & impact
  • Codify and continuously improve LPL's cloud control library — Security Hub CSPM as today's AWS-native control system, AWS Config with custom conformance packs to express controls as code, and additional control-management systems as the landscape evolves — and triage, investigate, and drive resolution of Security Hub findings within CCOE
  • Partner with the Security Engineering team within LPL's enterprise Information Security organization (a peer of Security Architecture), which manages Wiz, to jointly monitor Wiz signal and drive resolution of Wiz findings, recognizing that Wiz and Security Hub findings frequently diverge
  • Contribute directly to the Account Factory for Terraform (AFT) foundational base layer — security-control modules, Service Control Policies, AWS Config conformance packs, and reference patterns — so the secure-by-default posture is a property of the platform every account inherits
  • Support LPL's enterprise vulnerability management department on cloud-workload findings: assist with triage, prioritization, and remediation guidance for findings that originate in or affect AWS, without owning vulnerability management end-to-end
  • Operate as the security & governance partner across every CCOE team and pod — Foundations (FinOps, Functional Design Engineering & Strategy, Network Engineering, Monitoring), Platforms, Containers, Support, and Delivery — since Security & Governance is involved in every aspect of CCOE; embed security and governance review into design, code, and delivery touchpoints
  • Partner closely and day-to-day with the Network Engineering pod within Foundations (VP, AVP, and engineers) on shared network-security controls: segmentation and micro-segmentation, ingress/egress inspection, encryption in transit, WAF, Shield, and certificate lifecycle
  • Collaborate cross-organization with Security Architecture and Security Engineering — peer teams within LPL's Information Security organization — to evaluate, pilot, and operationalize additional security solutions (CNAPP, CSPM, CWPP, runtime defense, DSPM, secrets scanning) and to ensure CCOE's posture meets InfoSec and application-team requirements
  • Translate regulatory requirements (FINRA, SEC, PCI, SOX) into automated, code-reviewed controls; lead cloud-security incident response within CCOE's scope as a senior responder; partner with Internal Audit and Information Security on evidence collection, attestation, and audit response; drive blameless post-incident reviews to durable control improvements
  • Embed agentic AI capabilities into the team's engineering practice (e.g., Cursor, Claude Code, Bedrock, MCP servers, agentic IaC and review workflows) and into the platform's self-service experience for internal customers
  • Embed agentic AI capabilities into security governance: AI-assisted triage of Security Hub and Wiz findings, automated control authoring (Terraform and AWS Config conformance pack drafts from natural-language intent), conversational interfaces for control inquiries, and MCP-backed agents that join Security Hub, AWS Config, Wiz signal, and Terraform context into one queryable view
  • Operate as a hands-on senior cloud engineer: spend the majority of your time in Terraform code, security tooling configuration, vulnerability remediation, design reviews, peer reviews, and incident response — hands-on engineering is the primary leverage point
  • Personally participate in 24x7 on-call rotations as a senior technical responder and escalation point for production incidents
  • Partner with peer engineers, AVPs, and VPs across the Cloud Center of Excellence — the five CCOE teams (Foundations, Platforms, Containers, Support, Delivery) and the five Foundations pods (Security & Governance, FinOps, Functional Design Engineering & Strategy, Network Engineering, Monitoring) — to align roadmaps and remove cross-team and cross-pod blockers
  • Champion AWS Well-Architected Framework adoption (with emphasis on the Security pillar) and drive continuous improvement against operational, security, reliability, and compliance outcomes
  • Contribute to the private Terraform module library and the Account Factory for Terraform (AFT) foundational base layer, including security-control modules and reference patterns
  • Raise engineering quality across the pod through code review, design partnership, and technical pairing — acting as a force multiplier without direct reports
  • Participate in Agile/Scrum ceremonies (sprint planning, standups, backlog grooming, retrospectives) and partner with the RTE and PMO on delivery commitments and dependencies
  • Represent the pod's security posture in architecture review boards, internal audit, and customer engagements; communicate technical risk and trade-offs clearly to engineers and to non-technical executives

Requirements

What you’ll need
  • 7+ years of progressive technical experience including 3+ years in a senior cloud security, network security, or cloud infrastructure engineering role
  • Bachelor's degree in Computer Science, Engineering, or a related discipline (or equivalent work experience)
  • 3+ years of hands-on production AWS at scale in a multi-account landing zone with strong production Terraform delivered through Terraform Cloud and GitHub Actions
  • 3+ years experience operating as a senior individual contributor (AVP, Senior Engineer, Staff Engineer, or equivalent), influencing technical direction and uplifting peer engineers without direct authority — including code review leadership, design-review participation, and technical mentorship
  • 3+ years experience personally participating in 24x7 production on-call rotations in a fast-paced, security-conscious, regulated environment (financial services strongly preferred)
  • 5+ years hands-on production experience codifying cloud security controls in Security Hub CSPM and AWS Config (including custom conformance packs), with awareness of the broader CSPM and control-management landscape (Wiz, Prisma Cloud, Lacework, Orca) and how those systems integrate with Security Hub

Benefits

Comp & perks
  • 401K matching
  • health benefits
  • employee stock options
  • paid time off
  • volunteer time off

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
AWSTerraformSecurity Hub CSPMAWS Configvulnerability remediationcloud security controlsnetwork securityincident responseAgilecode review
Soft Skills
technical mentorshipinfluencing technical directioncommunicationcollaborationproblem-solvingleadershipcross-team alignmentdesign partnershipblameless post-incident reviewsstakeholder engagement
Certifications
Bachelor's degree in Computer ScienceBachelor's degree in Engineeringrelated discipline degree