• Tier-3 Network & Security Ownership: Resolve complex connectivity and security-related incidents, driving root cause analysis (RCA) and remediation across the network and security stack. • Operational Readiness: Ensure readiness for network/security changes by managing monitoring/alerting, validation steps, rollback strategies, and runbooks. • Technical Coordination: Collaborate with Kubernetes, Data, and Storage SMEs to resolve cross-domain production issues and application impacts caused by network constraints. • Automation: Reduce operational toil and improve stability by automating standard operational procedures and remedial processes. • Compliance Consulting: Advise on operational controls, including logging/monitoring evidence, access enforcement patterns, and vulnerability handling coordination. • Deployment Validation: Define and enforce quality assurance measures and documentation for deployment artifacts to ensure high-quality service delivery. • Security Enforcement: Implement logging strategies to support audit requirements and perform routine security scans to remediate vulnerabilities.

• Design and implement security measures for full-stack applications • Develop and maintain secure CI/CD pipelines • Conduct threat modeling and implement least privilege principles • Collaborate with cross-functional teams on security best practices • Lead security initiatives for flagship projects • Support ongoing and future audits for various compliance frameworks • Mentor junior engineers on security best practices

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them. Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself. ***Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time, including CPT/OPT.*** The Cloud Security Engineer will manage and secure cloud infrastructure environments by implementing and maintaining secure, reliable, and scalable cloud network architectures. This role focuses on AWS and Azure, applying strong expertise in cloud security controls, networking, and firewalls to protect systems against evolving threats while supporting operational performance and resilience. What you will do: - Implement and manage secure cloud network infrastructure to support performance, security, scalability, and reliability. - Partner with development teams to integrate security measures and best practices into the development lifecycle. - Architect secure and resilient AWS and Azure environments aligned with industry standards and compliance requirements. - Design and implement security controls and policies to reduce unauthorized access, data breaches, and related risks. - Collaborate with cross-functional teams to support timely resolution of security incidents and security-related issues. - Create and maintain Terraform scripts to provision and manage infrastructure resources using Infrastructure-as-Code (IaC). - Stay current on security best practices, network technologies, and cloud services, and apply improvements to the environment. - Train and guide junior team members on security practices and technologies. What you will bring: - Bachelor’s degree in Computer Science, Information Technology, or a related field. - Proven experience designing, implementing, and managing network infrastructure, particularly in innovation lab or cloud development environments. - Extensive knowledge of security controls, protocols, and best practices across on-premises and cloud environments. - Strong expertise in AWS and Azure, including architecture, security, and automation capabilities. - Hands-on experience with IaC tools with a focus on Terraform. - Proficiency in Python. - Experience building, tuning, and operating detections using cloud-native tools (GuardDuty, Security Hub) and SIEM platforms (Splunk). - Ability to investigate cloud logs (CloudTrail, VPC Flow Logs, audit logs). - Strong understanding of least privilege IAM design, role-based access, service accounts, and federated identity. - Strong problem-solving, communication, and teamwork skills, with the ability to collaborate with technical and non-technical stakeholders across Cloud Platform, DevOps, SRE, and Engineering teams. What will set you apart: - Relevant certifications such as CISSP, AWS Certified Security, or similar credentials. - 3+ years managing security controls, including defining security policies and guardrails (preferred). - 4+ years of technical experience working with security solutions and conducting security operations (preferred). - 4+ years of cloud network security experience, including reviewing tools and making recommendations on utilization and strategy (preferred). - 4+ years of experience with network protocols, data flows, and attacks within an IP environment (preferred). - 3+ years building configurations for security devices and building automated processes to support large-scale deployment (preferred). - Extensive experience with security software, firewalls, intrusion detection systems, and network monitoring (preferred). - Extensive hands-on technical knowledge of network systems, protocols, and standards such as TCP/IP (preferred). - 2+ years performing network and application security administration and threat assessments; CISSP or GIAC certification(s) (preferred). - 2+ years programming or scripting experience in one or more of Java, Perl, PHP, Python, or shell (preferred). This job description is not intended to be an exhaustive list of all duties, responsibilities and qualifications of the job. The employer has the right to revise this job description at any time. You will be evaluated in part based on your performance of the responsibilities and/or tasks listed in this job description. You may be required perform other duties that are not included on this job description. The job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason. What we offer you We offer an array of diverse and inclusive benefits regardless of where you are in your career. We believe that providing our employees with the means to lead healthy balanced lives results in the best possible work performance. - Medical, dental, vision and life insurance - Retirement savings – 401(k) plan with generous company matching contributions (up to 6%), financial advisory services, potential company discretionary contribution, and a broad investment lineup - Tuition reimbursement up to $5,250/year - Business-casual environment that includes the option to wear jeans - Generous paid time off upon hire – including a paid time off program plus ten paid company holidays and three floating holidays each calendar year - Paid volunteer time — 16 hours per calendar year - Leave of absence programs – including paid parental leave, paid short- and long-term disability, and Family and Medical Leave (FMLA) - Business Resource Groups (BRGs) – BRGs facilitate inclusion and collaboration across our business internally and throughout the communities where we live, work and play. BRGs are open to all. Base Salary Range $105,700.00 - $149,275.00 The salary range above shows the typical minimum to maximum base salary range for this position in the location listed. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation offered may vary from posted hiring range based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer. Equal opportunity employer • Drug-free workplace We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age (40 and over), race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law. ***For remote and hybrid positions you will be required to provide reliable high-speed internet with a wired connection as well as a place in your home to work with limited disruption. You must have reliable connectivity from an internet service provider that is fiber, cable or DSL internet. Other necessary computer equipment, will be provided. You may be required to work in the office if you do not have an adequate home work environment and the required internet connection.*** Job Posting End Date at 12:01 am on: 04-10-2026 Want the latest money news and views shaping how we live, work and play? Sign up for Empower’s free newsletter and check out The Currency.

• Work in a team-orientated, fast-paced, global, and flexible environment • Perform penetration testing across our entire product and infrastructure • Perform SaaS-based red team exercises with specific goal oriented objectives • Continuously evolve your skills toward AI evaluation and knowledge based on emerging tactics, techniques and procedures related to AI agent vulnerabilities • Collaborate with our AI Security, threat intelligence, threat monitoring and threat engineering teams to understand our threats, provide practical validations of threats and ensure our protections and incident response are continuously refined • Provide actionable insights for our Product Development team regarding vulnerabilities