We are a leading global asset management firm with over 3,000 employees across 20 offices in 15 countries; we help millions of investors around the world pursue their financial goals.
We hire critical thinkers. People who thrive in a collaborative culture like ours where we solve real problems while building the future of finance.
You
Are excited to be part of a vibrant engineering community that values diversity, hard work, and continuous learning.
Love solving complex real-world business problems.
Recognize that cross-functional collaboration is a core component of success for the team.
Believe there are multiple ways to solve most technical problems and are willing to debate the trade-offs.
Have become a stronger engineer by making mistakes and learning from them.
Are a doer, someone who wants to grow their career and gain experience across technologies and business functions.
We
Continuously invest in a high-performance and inclusive culture, in which a diversity of backgrounds, experiences and viewpoints are celebrated and valued.
Encourage career mobility, so you can benefit from learning different functions and technologies, and we gain the benefits of your experience across teams.
Run technology pro bono programs that help the non-profit community and give our engineering community opportunities to volunteer and participate.
Offer education reimbursements and ongoing training in technology, communication, and diversity & inclusion.
Embrace knowledge sharing through lunch-and-learns, demos, and technical forums.
Consider our people to be our greatest asset—we will help you learn what PIMCO Technology has to offer so you can participate in activities that benefit your career while delivering impactful technology solutions.
The PIMCO Information and Cybersecurity Organization is looking to hire a Senior Security Engineer with a detailed understanding of cloud security methodologies that can apply to multiple cloud environments including AWS, Azure, and GCP. The Senior Security Engineer is expected to have a meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure and deliver on tight deadlines. This role will create public CSP-focused Cybersecurity standards and guidance for services, review and consult on application systems destined for or already residing in the cloud, apply risk-based prioritization and decisions, and implement automated controls within public cloud providers. This role reports to the VP of Application and Cloud Security.
Senior Security Engineer Responsibilities:
Applying Security-as-Code principles
Supporting the development or integration of security tools, leveraging various programming languages and open source solutions as needed.
Assisting with the architecture and design of API Security, Container Security, AWS, Azure, and Google Cloud Security.
Developing the automation of security and compliance
Implementing security features and monitoring tools, performing periodic security assessments to verify best practice configuration and secure systems hardening in the cloud
Responding swiftly to new and emerging security threats and vulnerabilities with the cloud
Where required, investigate suspected attacks and help manage security incidents including providing post-mortem analysis, identify causes, develop solutions and preventive measures.
Daily administrative tasks, reporting and communication with the relevant departments in the organization.
Sustain a cloud-focused security model that spans preventative, detective, and corrective controls.
Implement processes and technologies that reduce cloud security deficiencies and help develop creative reporting mechanisms including metrics/key themes that communicate risk to business owners and leadership.
Participate in development and implementation of cloud security standards and cloud service certification.
Work with and influence stakeholders regarding technology controls and risk mitigation techniques related to public cloud service providers.
Participate in defining secure cloud design and deployment, secure configuration practices, and using appropriate technology solutions, controls and practices as needed.
Conduct research to identify new attack vectors facing cloud services.
Support data protection strategies and standards.
Demonstrate a commitment to integrity, process improvement, and customer satisfaction.
Top candidates will be comfortable applying Security-as-Code principles across the board to improve security of the product suite, while providing mentoring and best practices to the teams.This is a role focused on automation, process, and necessary tools to support service enablement and security management for PIMCO’s cloud environments.
Position Requirements:
A degree in Computer Science, IT, Systems Engineering or a related qualification or experience
Expertise with AWS and experience with at least one other major cloud service provider
Experience putting the “Sec” into DevSecOps
Technically adept and comfortable with one or more programming languages, Python or Go are preferred
Technically adept and comfortable with one or more policy-as-code languages such as Rego or Sentinel
Experience writing, building, and shipping cloud-native software using CI/CD
Expertise in infrastructure as code (IaC) technology and principles
Working knowledge of at least two cybersecurity control domains and their applicability to the cloud
Strong attention to detail with an analytical mind and outstanding problem-solving skills.
Great awareness of cybersecurity trends.
Creating innovative solutions to meet our company’s technical security needs
Develop company-wide best practices for IT security.
Research security enhancements and make recommendations to management
Experience with application/system/infrastructure security monitoring and applicable toolsets
Exceptional administrative, organizational, and problem-solving skills
Strong technical knowledge of secure engineering principles, privacy (DPA/GDPR) and compliance law, standards, and frameworks (OWASP/ISO/CIS/ISF/NIST/CSA)
Desired Certifications, but not required: CCSP, CCSK, AWS Certified Security – Specialty, AWS Certified SA – Professional, Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Cybersecurity Architect Expert, GCP Professional Cloud Security Engineer, CKS
PIMCO follows a total compensation approach when rewarding employees which includes a base salary and a discretionary bonus. Base salary is the fixed component of compensation that is determined by core job responsibilities, relevant experience, internal level, and market factors. The discretionary bonus is used to award performance and therefore is determined by company, business, team, and individual performance.
Salary Range: $ 114,000.00 - $ 135,000.00
Equal Employment Opportunity and Affirmative Action Statement
PIMCO recruits and hires qualified candidates without regard to race, national origin, ancestry, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), sexual orientation, gender (including gender identity and expression), age, military or veteran status, disability (physical or mental), any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other basis such as medical condition, or marital status under applicable laws.
Applicants with Disabilities
PIMCO is an Equal Employment Opportunity/Affirmative Action employer. We provide reasonable accommodation for qualified individuals with disabilities, including veterans, in job application procedures. If you have any difficulty using our online system due to a disability and you would like to request an accommodation, you may contact us at 949-720-7744 and leave a message. This is a dedicated line designed exclusively to assist job seekers with disabilities to apply online. Only messages left for this purpose will be considered. A response to your request may take up to two business days.