About Invesco

As one of the worlds leading independent global investment firms Invesco is dedicated to rethinking possibilities for our clients. By delivering the combined power of our distinctive investment management capabilities we provide a wide range of investment strategies and vehicles to our clients around the world. If youre looking for challenging work intelligent colleagues and exposure across a global footprint come explore your potential at Invesco.

The Department

Our Information Security department is to protect Invescos information and Information assets from all internal and external deliberate or accidental threats. The information security team will protect data from unauthorized access while maintaining the confidentiality integrity and availability of addition designing and maintaining the Security Policies and Standards while adhering to legislative and regulatory requirements providing information security training for all employees and ensuring the business continuity of Invesco.

Your Role

Principal Engineer Cloud Security will work closely with technology and application teams to help them secure their cloud this role you will partner with Infrastructure teams to provide secure cloud requirements and ensure the solutions and infrastructure are securely designed developed and implemented while enforcing conformity with technical standards and approved cloud security architectures that align to regulatory and compliance standards.

You will be responsible for:

• Designing configuring and implementing secure solutions for the firms global cloud infrastructure in partnership with architects and engineering teams.

• Defining cloud security technical requirements including IAM network segmentation data protection container security workload protection CI/CD security Kubernetes microservices SIEM integrations and more.

• Developing security patterns and controls for Data Loss Prevention (DLP) across cloud endpoint and SaaS environmentsincluding policies detection tuning and data governance alignment.

• Driving SaaS Security strategy including secure configuration baselines CASB/CSPM integrations continuous monitoring and thirdparty SaaS risk assessment.

• Strategizing and maturing cloud security solutions to improve compliance with the NIST Cybersecurity Framework Cloud Security Alliance guidance and Invesco policies.

• Developing and deploying infrastructureascode to automate and optimize cloud security controls.

• Providing technical support for patches upgrades incident response and operational improvements.

• Performing security threat modeling and design reviews for emerging cloud and SaaS technologies.

The experience you bring:

• 10 years of information security experience supporting enterprisescale security engineering and architecture programs.

• 5 years designing and implementing enterprise cloud security solutions across AWS Azure Oracle and other major cloud providers.

• Experience with Terraform for deployment automation orchestration and security configuration management.

• Proficiency in scripting (Python PowerShell JSON).

• Experience developing and institutionalizing security standards blueprints and patterns aligned to frameworks such as SOX CSA-CCM DORA NIST ISO GDPR and SOC1/2.

• Handson experience with Data Loss Prevention programs including policy creation tuning incident handling and integrating DLP with cloud and SaaS platforms.

• Experience with SaaS Security technologies such as CASB SSPM (SaaS Security Posture Management) and SaaS risk assessment frameworks.

• Knowledge of cloud and endpoint security tools such as CrowdStrike and Wiz.

• Handson experience with AWS native security services including Control Tower CloudWatch GuardDuty CloudTrail Config Lambda Trusted Advisor AWS Organizations Transit Gateway AWS SSO and others.

• Extensive experience with AWS services including EC2 IAM Route53 SSM S3 EFS EBS ELB EKS ECS Lambda CloudFormation CloudFront DynamoDB Athena Kinesis and more.

• 5 years working in DevOps environments with applied Agile practices.

• Experience conducting threat modeling for cloud and SaaS technologies.

• Willingness to travel domestically and internationally as needed.

• Bachelors Degree in MIS or Computer Science preferred or equivalent work experience.

• Preferred certifications: CISSP CCSP CCSK.

• Preferred cloud provider certifications (AWS Azure GCP).

#LI-SD1

Full Time / Part Time

Worker Type

Job Exempt (Yes / No)

Workplace Model

Pursuant to Invescos Workplace Policy employees are expected to comply with the firms most current workplace model which as of October 1 2025 includes spending at least four full days each week working in an Invesco office. This reflects our belief that spending time together in the office helps us build stronger relationships collaborate more easily and support each others growth and development.

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.

Invescos culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race creed color religion sex gender gender identity sexual orientation marital status national origin citizenship status disability age or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.