AVP, AWS Security Engineer

Build a career that matches your initiative with innovation. From cutting‑edge resources and a collaborative environment to freedom to make an impact, LPL Financial shapes your success while helping clients pursue their financial goals.

As the AVP, AWS Security Engineer, you will be a hands‑on senior cloud security engineer in the Security & Governance pod within the Foundations team in LPL’s Cloud Center of Excellence (CCOE). You will partner closely with the Network Engineering pod and every other CCOE team and pod to raise our cloud security posture to meet LPL’s enterprise Information Security standards and support application and infrastructure teams shipping into our AWS landing zone.

• Codify and continuously improve LPL’s cloud control library – Security Hub CSPM, AWS Config with custom conformance packs, and additional control‑management systems – and triage, investigate, and drive resolution of findings within CCOE.
• Partner with Security Engineering to jointly monitor Wiz signal, drive resolution, and coordinate with Security Hub findings.
• Contribute directly to the Account Factory for Terraform (AFT) foundational base layer, ensuring secure‑by‑default posture for all accounts.
• Support the enterprise vulnerability management department on cloud‑workload findings, providing triage, prioritization, and remediation guidance.
• Act as the security & governance partner across all CCOE teams and pods, embedding security reviews into design, code, and delivery touchpoints.
• Collaborate with the Network Engineering pod on shared network‑security controls such as segmentation, encryption, WAF, Shield, and certificate lifecycle.
• Partner with Security Architecture and Security Engineering to evaluate, pilot, and operationalize additional security solutions and ensure CCOE meets application‑team requirements.
• Translate regulatory requirements (FINRA, SEC, PCI, SOX) into automated, code‑reviewed controls; lead incident response, audit evidence collection, and post‑incident reviews.
• Embed agentic AI capabilities into engineering practice, security governance, and the platform’s self‑service experience, including AI‑assisted triage and automated control authoring.
• Operate as a hands‑on senior cloud engineer, spending majority of time in Terraform code, security tooling configuration, remediation, design reviews, and incident response.
• Participate in 24/7 on‑call rotations as a senior technical responder and escalation point for production incidents.
• Partner with peers across CCOE to align roadmaps and remove cross‑team blockers.
• Champion AWS Well‑Architected Framework adoption, focusing on the Security pillar, and drive continuous improvement against operational, reliability, and compliance outcomes.
• Raise engineering quality through code review, design partnership, and technical pairing.
• Participate in Agile/Scrum ceremonies and collaborate with the RTE and PMO on delivery commitments.
• Represent the pod’s security posture in architecture review boards, internal audit, and customer engagements.

• 7+ years of progressive technical experience including 3+ years in a senior cloud security, network security, or cloud infrastructure engineering role;
• 3+ years of hands‑on production AWS at scale in a multi‑account landing zone with strong Terraform delivery through Terraform Cloud and Git Hub Actions;
• 3+ years of senior individual‑contributor experience influencing technical direction, code review leadership, design‑review participation, and technical mentorship;
• 3+ years of personal participation in 24/7 production on‑call rotations in a fast‑paced, security‑conscious, regulated environment (financial services strongly preferred);
• 5+ years of hands‑on experience codifying cloud security controls in Security Hub CSPM and AWS Config with custom conformance packs, and awareness of the broader CSPM and control‑management landscape.

• Approach each finding as an opportunity to fix code and reduce recurring tickets;
• Serve as a governance voice, raising the bar through controls and partnership, not policing;
• Lead outcomes through partnership, code, clear technical writing, and…