Vice President, Cloud Security Engineer

Cloud Security Engineer

At BNY, our culture allows us to run our company better and enables employees' growth and success. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world's investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.

Recognized as a top destination for innovators, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance - and this is what #LifeAtBNY is all about. Join us and be part of something extraordinary.

We're seeking a future team member for the role of Vice President, Cloud Security Engineer to join our Cloud Security team. This role is located in New York, NY or Pittsburgh, PA.

In this role, you'll make an impact in the following ways:

• Support implementation and continuous improvement of cloud security controls across infrastructure, platform, and application environments in AWS, Azure, or GCP.
• Support enablement of AI for cloud security by promoting AI use cases that improve security outcomes.
• Drive security integration into CI/CD pipelines and infrastructure delivery processes to ensure secure-by-design and secure-by-default deployment models.
• Support implementation efforts for container, Kubernetes, API, and cloud-native workload security controls.
• Drive the operational maturity of Cloud Security Posture Management (CSPM) capabilities to identify misconfigurations, policy violations, excessive permissions, exposed assets, and control drift.
• Partner with engineering and cyber teams to optimize Wiz and similar CSPM/CNAPP platforms, including workflow integration, prioritization, remediation support, and reporting.
• Implement policy-as-code, automated guardrails, and infrastructure-as-code patterns to improve control consistency and reduce manual processes.
• Partner with cloud architects and governance stakeholders to improve standards adoption, exception handling, and control coverage.
• Maintain and improve documentation for cloud security standards, design patterns, engineering procedures, and operating guidance.

To be successful in this role, we're seeking the following:

• 6-10 years of experience in cloud security engineering, security engineering, DevSecOps, infrastructure security, or a related technical security role.
• Proven experience as an AI enabler for cloud security by identifying, assessing, and promoting AI use cases.
• Experience with security automation, orchestration, analytics, and AI-driven security tooling.
• Hands-on experience working with and securing workloads in AWS, Azure, or GCP.
• Working knowledge of cloud security principles across IAM, networking, encryption, logging, secrets management, workload protection, and secure service configuration.
• Experience implementing security controls for cloud-native services and modern application environments.
• Familiarity with Cloud Security Posture Management (CSPM) concepts and tools such as Wiz.
• Experience with cloud-native policy and posture tools, including Azure Policy and Microsoft Defender for Cloud.
• Experience with Infrastructure as Code and automation using tools such as Terraform.
• Exposure to container and Kubernetes security, API security, or vulnerability management is a plus.
• Strong problem-solving, collaboration, and technical communication skills.
• Bachelor's degree in computer science, engineering, cybersecurity, or related discipline, or equivalent practical experience.

Preferred qualifications:

• Familiarity with CIS Benchmarks, CSA CCM, OWASP, or NIST CSF.
• Relevant certifications such as AWS Security Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, or CCSP.

Core responsibilities by domain

Cloud security engineering

• Support implementation of cloud security controls across supported cloud platforms.
• Implement and maintain cloud security controls across supported platforms with Cloud native policies, WIZ rules.
• Able to fluently work with KQL, WIZ, Splunk, Azure Policies, bash, Powershell, gcloud, Terraform, Log Analytics, Microsoft Sentinel, Gitlab - All development tools fluently in an enterprise setting.
• Work with platform, DevOps, architecture, and application teams to embed security into engineering workflows.
• Promote adoption of automated controls, secure design patterns, and policy enforcement.

Engineering partnership

Cloud security strategy and governance

• Contribute to standards adoption, remediation governance, exception handling, and security maturity efforts.

Cloud security posture management

• Implement and support posture management processes across third-party tools as such as WIZ and cloud-native capabilities.
• Support detection, prioritization, and remediation of misconfigurations.

AI Security

• Act as an AI enabler by identifying opportunities to apply AI to strengthen cloud security outcomes.
• Support implementation of AI capabilities to improve threat detection, posture analysis, risk prioritization, and security operations efficiency.
• Help streamline cloud security tooling, processes, and workflows through intelligent automation and AI-driven insights.
• Promote practical and responsible use of AI as a force multiplier for cloud security effectiveness, scalability, and operational maturity

What success looks like

• Cloud security controls are implemented consistently, effectively, and at scale.
• AI is integrated into all processes and controls in suppor to increase controls effectiveness and streamline operational efforts
• Security is embedded into engineering and deployment workflows with reduced manual effort.
• Posture management findings are better prioritized, more actionable, and more effectively remediated.
• Wiz, cloud-native policies, and automation capabilities work together to improve visibility and reduce cloud risk.
• Cloud control implementations demonstrate alignment to NIST SP 800-53 and enterprise standards.
• Engineering teams adopt secure patterns more consistently with fewer design and control exceptions.
• Governance and audit stakeholders receive clearer technical support, evidence, and remediation transparency.

At BNY, our culture speaks for itself, check out the latest BNY news at:
[BNY Newsroom]
[BNY LinkedIn]

Here's a few of our recent awards:

• America's Most Innovative Companies, Fortune, 2025
• World's Most Admired Companies, Fortune 2025
• "Most Just Companies", Just Capital and CNBC, 2025

Our Benefits and Rewards:
BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.

BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $83,000 and $209,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs.

This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.