About Invesco

As one of the world’s leading independent global investment firms, Invesco is dedicated to rethinking possibilities for our clients. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, intelligent colleagues, and exposure across a global footprint, come explore your potential at Invesco.

What’s in it for you?

Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:

• Flexible paid time off

• Hybrid work schedule

• 401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution

• Health & wellbeing benefits

• Parental Leave benefits

• Employee stock purchase plan

Job Description

The Department

Our Information Security department is to protect Invesco’s information and Information assets from all internal and external, deliberate, or accidental threats. The information security team will protect data from unauthorized access while maintaining the confidentiality, integrity, and availability of information. In addition, designing and maintaining the Security Policies and Standards while adhering to legislative and regulatory requirements, providing information security training for all employees, and ensuring the business continuity of Invesco.

Your Role

Principal Engineer Cloud Security will work closely with technology and application teams to help them secure their cloud environment. In this role, you will partner with Infrastructure teams to provide secure cloud requirements, and ensure the solutions and infrastructure are securely designed, developed, and implemented, while enforcing conformity with technical standards and approved cloud security architectures that align to regulatory and compliance standards.

You will be responsible for:

• Designing, configuring, and implementing secure solutions for the firm’s global cloud infrastructure in partnership with architects and engineering teams.

• Defining cloud security technical requirements, including IAM, network segmentation, data protection, container security, workload protection, CI/CD security, Kubernetes, microservices, SIEM integrations, and more.

• Developing security patterns and controls for Data Loss Prevention (DLP) across cloud, endpoint, and SaaS environments—including policies, detection tuning, and data governance alignment.

• Driving SaaS Security strategy, including secure configuration baselines, CASB/CSPM integrations, continuous monitoring, and third‑party SaaS risk assessment.

• Strategizing and maturing cloud security solutions to improve compliance with the NIST Cybersecurity Framework, Cloud Security Alliance guidance, and Invesco policies.

• Developing and deploying infrastructure‑as‑code to automate and optimize cloud security controls.

• Providing technical support for patches, upgrades, incident response, and operational improvements.

• Performing security threat modeling and design reviews for emerging cloud and SaaS technologies.

The experience you bring:

• 10+ years of information security experience supporting enterprise‑scale security engineering and architecture programs.

• 5+ years designing and implementing enterprise cloud security solutions across AWS, Azure, Oracle, and other major cloud providers.

• Experience with Terraform for deployment automation, orchestration, and security configuration management.

• Proficiency in scripting (Python, PowerShell, JSON).

• Experience developing and institutionalizing security standards, blueprints, and patterns aligned to frameworks such as SOX, CSA-CCM, DORA, NIST, ISO, GDPR, and SOC1/2.

• Hands‑on experience with Data Loss Prevention programs, including policy creation, tuning, incident handling, and integrating DLP with cloud and SaaS platforms.

• Experience with SaaS Security technologies, such as CASB, SSPM (SaaS Security Posture Management), and SaaS risk assessment frameworks.

• Knowledge of cloud and endpoint security tools such as Crowd Strike and Wiz.

• Hands‑on experience with AWS native security services including Control Tower, CloudWatch, GuardDuty, CloudTrail, Config, Lambda, Trusted Advisor, AWS Organizations, Transit Gateway, AWS SSO, and others.

• Extensive experience with AWS services including EC2, IAM, Route53, SSM, S3, EFS, EBS, ELB, EKS, ECS, Lambda, CloudFormation, CloudFront, DynamoDB, Athena, Kinesis, and more.

• 5+ years working in DevOps environments with applied Agile practices.

• Experience conducting threat modeling for cloud and SaaS technologies.

• Willingness to travel domestically and internationally as needed.

• Bachelor’s Degree in MIS or Computer Science preferred, or equivalent work experience.

• Preferred certifications: CISSP, CCSP, CCSK.

• Preferred cloud provider certifications (AWS, Azure, GCP).

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

Yes

Workplace Model

Pursuant to Invesco’s Workplace Policy, employees are expected to comply with the firm’s most current workplace model, which as of October 1, 2025, includes spending at least four full days each week working in an Invesco office. This reflects our belief that spending time together in the office helps us build stronger relationships, collaborate more easily, and support each other’s growth and development.

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.

Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.