
Job Overview
Location
Melbourne, Australia
Job Type
Full-time
Category
Data Science
Date Posted
March 17, 2026
Full Job Description
📋 Description
- As a Cloud Security Operations Analyst at The Vanguard Group, Inc., you will be a pivotal technical authority responsible for safeguarding our Google Cloud Platform (GCP) environments. This remote role is crucial for maintaining the integrity, confidentiality, and availability of our cloud infrastructure and the sensitive data it hosts.
- You will be at the forefront of designing, operating, and continuously enhancing our cloud threat detection, investigation, and response capabilities. A significant focus will be placed on leveraging Google Security Command Center (SCC) to its fullest potential, integrating GCP-native telemetry, and ensuring seamless operation with Cloud-Native Application Protection Platform (CNAPP) solutions.
- Your primary objective will be to fortify our GCP security posture across enterprise-scale environments, ensuring resilience, compliance, and robust observability. This involves proactive identification of vulnerabilities, rapid response to security incidents, and continuous improvement of our security operations.
- You will act as a subject matter expert, providing hands-on technical leadership in all aspects of cloud security operations, from initial detection of threats to their thorough investigation and effective response.
- A key responsibility will be the design, configuration, and ongoing optimization of Google Security Command Center (SCC) findings, detectors, and risk prioritization mechanisms. This ensures that our security alerts are accurate, actionable, and aligned with our risk appetite.
- You will be tasked with monitoring and investigating a wide array of security events. This includes meticulously analyzing GCP audit logs, VPC flow logs, workload telemetry, and behavioral indicators to detect anomalies and potential threats.
- Proactive identification of security risks is paramount. You will identify misconfigurations, instances of identity misuse, potential workload compromises, and data exfiltration risks across all GCP projects, folders, and the organization.
- To achieve comprehensive threat analysis, you will correlate SCC findings with data from CNAPP platforms, endpoint security solutions, and our Security Information and Event Management (SIEM) system, enabling end-to-end visibility and investigation.
- Understanding and mapping attack paths and exposure chains within our complex GCP environments will be a critical function, allowing us to prioritize and mitigate the most significant risks.
- You will contribute to the development and refinement of automated response playbooks. These playbooks will enable rapid containment actions, such as revoking compromised credentials, isolating vulnerable workloads, and restricting network access, thereby minimizing the impact of security incidents.
- Leading cloud-native incident response activities will be a core duty. This encompasses the full incident lifecycle: triage, containment, eradication, and recovery, ensuring swift and effective resolution of security breaches.
- Performing cloud forensics will be essential for in-depth analysis of security incidents. This includes examining identity activity, understanding workload behavior, and tracing data access patterns to reconstruct events and identify root causes.
- You will be responsible for producing clear and concise investigation reports, conducting thorough root cause analyses, and formulating actionable post-incident recommendations to prevent recurrence.
- Providing architectural guidance on secure GCP design principles is vital. This includes best practices for identity and access management (IAM), network segmentation, workload isolation, and data protection strategies.
- You will collaborate closely with cloud engineering and development teams to embed security controls directly into CI/CD pipelines and infrastructure-as-code (IaC) workflows, promoting a DevSecOps culture.
- Partnering with Cloud Engineering, Security Operations, and Governance teams is essential to ensure a cohesive and effective security strategy across the enterprise.
- This role offers a unique opportunity to shape the future of cloud security at a leading financial services organization, working with cutting-edge technologies and contributing to the protection of critical assets.
- You will be part of a dynamic and collaborative team within Global Risk and Security (GR&S), specifically the Enterprise Security and Fraud (ES&F) sub-division, dedicated to protecting Vanguard's crew, property, data, and client assets.
- Continuous learning and professional development are encouraged, reflecting the ever-evolving landscape of cybersecurity.
- The role is fully remote, offering flexibility and the opportunity to work from anywhere in the United States.
- You will contribute to a strong risk culture and act as a trusted advisor, leveraging deep expertise to drive risk-informed decisions across the organization.
About The Vanguard Group, Inc.
The Vanguard Group, Inc. is a U.S.-registered investment advisor and mutual fund company founded in 1975. It operates at-cost for fund shareholders, offering index funds, ETFs, and advisory services to individuals, institutions, and financial professionals worldwide. Assets under management exceed $7 trillion, making it one of the largest asset managers globally. Vanguard is structured as a mutual company owned by the funds it manages, aligning its interests with investors. The firm emphasizes low-cost investing, broad diversification, long-term strategies, and client education. Headquartered in Malvern, Pennsylvania, it maintains offices across North America, Europe, Asia-Pacific, and Australia.
