Senior Engineer

About Invesco

Invesco is a leading independent global investment firm dedicated to rethinking possibilities for our clients and delivering a wide range of investment strategies and vehicles worldwide.

• Flexible paid time off
• Hybrid work schedule
• 401(k) matching of 100% up to the first 6% with a discretionary supplemental contribution
• Health & wellbeing benefits
• Parental leave benefits
• Employee stock purchase plan

Responsible for execution of Invesco’s enterprise vulnerability and security patch management capability across hybrid and cloud-native infrastructure. The role focuses on reducing material risk at scale through automation-first engineering, high-fidelity data, and AI-assisted prioritization, enabling faster, smarter remediation decisions across complex environments.

• Oversee execution of vulnerability lifecycle automation (on-prem and cloud).
• Ensure accuracy and enrichment of vulnerability and asset data to improve prioritization and ownership.
• Develop meaningful metrics and advance AI-assisted risk scoring, forecasting, and remediation decision support.
• Collaborate with infrastructure, cloud, and platform engineering teams and global security teams.
• Act as subject matter expert on security patch deployment methodologies and tools based on best industry practice.
• Conduct risk assessment, deployment activities, scheduling, and prioritization.
• Use AI tools to classify, enrich, prioritize security data, and detect anomalies and trends.
• Report progress on compliance and contribute to metric reports tracking team success.
• Drive accountability to maintain a zero-breach compliance risk profile.
• Identify opportunities to improve processes and tools to increase capacity or reduce time to close vulnerabilities.
• Provide technical assistance and lead response to audit reports, including creation of professional documents for senior executives.
• Mentor and guide team members; deputize in absence of line manager while acting as technical lead on cross‑team initiatives.
• Drive a culture of continuous improvement, experimentation, and lead projects/initiatives as required.

• 8‑10+ years of experience in an infrastructure environment.
• Experience managing cyclical security deployment programs.
• Experience with Microsoft operating systems, CISCO networks, UNIX/Redhat, and financial services industry for a minimum of 5 years.
• Superior written and oral communication skills in a global enterprise organization.
• 5+ years managing legacy Microsoft Endpoint Management (MECM).
• Use, management, and interpretation of security scanning tools such as Wiz and Qualys.
• Practical experience prioritizing remediation plans based on risk score classifications.
• Designing and implementing automation pipelines for patch orchestration, validation, reporting, and exception handling.
• Apply AI/ML techniques to identify duplicate, inaccurate, or noisy vulnerability data, including forecasting emerging exploit-based risks.
• API-first mindset, advanced scripting and automation in Power Shell, Python, Microsoft Power Automate.
• Knowledge of Service Now and ITIL framework.
• Strong PowerBI skills and advanced use of Office 365, especially Excel for extensive data manipulation.
• Proven automation/scripting skills to enable enterprise-wide deployments or related methodologies.
• Ability to interpret and recommend vulnerability risk across multiple technology platforms.
• Experience working within regulated change management environments with focus on risk and impact.

• Red Hat Satellite Server experience.
• Deep hands‑on experience across enterprise cloud environments such as AWS and Microsoft Azure/M365 (Intune).
• Solid understanding of vulnerability industry standard scoring mechanisms such as CVSS, EPSS, KEV.
• Proven ability to improve fidelity of vulnerability and asset data across CMDB, cloud discovery, and scanner output.
• Building and maintaining PowerBI dashboards for analytical insight that drives action.
• Industry‑recognized cloud platform certifications (foundational/associate/advanced) in Microsoft 365, Windows Server, Azure, Microsoft Certified:
  Security Operations Analyst, AWS Foundation/Associate/Professional, AWS Certified Security Specialist/Dev Ops/Solutions Architect.

Full‑time, exempt employee. Expectation to be present at the office at least four full days per week, in accordance with Invesco’s workplace model effective October 1, 2025.

We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity, sexual orientation, marital status, national origin, citizenship, disability, age, or veteran status. Our equal‑opportunity employment efforts comply with all applicable U.S. state and federal laws governing non‑discrimination in employment.