Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them. Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself. ***Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time, including CPT/OPT.*** The Cloud Security Engineer will manage and secure cloud infrastructure environments by implementing and maintaining secure, reliable, and scalable cloud network architectures. This role focuses on AWS and Azure, applying strong expertise in cloud security controls, networking, and firewalls to protect systems against evolving threats while supporting operational performance and resilience. What you will do: - Implement and manage secure cloud network infrastructure to support performance, security, scalability, and reliability. - Partner with development teams to integrate security measures and best practices into the development lifecycle. - Architect secure and resilient AWS and Azure environments aligned with industry standards and compliance requirements. - Design and implement security controls and policies to reduce unauthorized access, data breaches, and related risks. - Collaborate with cross-functional teams to support timely resolution of security incidents and security-related issues. - Create and maintain Terraform scripts to provision and manage infrastructure resources using Infrastructure-as-Code (IaC). - Stay current on security best practices, network technologies, and cloud services, and apply improvements to the environment. - Train and guide junior team members on security practices and technologies. What you will bring: - Bachelor’s degree in Computer Science, Information Technology, or a related field. - Proven experience designing, implementing, and managing network infrastructure, particularly in innovation lab or cloud development environments. - Extensive knowledge of security controls, protocols, and best practices across on-premises and cloud environments. - Strong expertise in AWS and Azure, including architecture, security, and automation capabilities. - Hands-on experience with IaC tools with a focus on Terraform. - Proficiency in Python. - Experience building, tuning, and operating detections using cloud-native tools (GuardDuty, Security Hub) and SIEM platforms (Splunk). - Ability to investigate cloud logs (CloudTrail, VPC Flow Logs, audit logs). - Strong understanding of least privilege IAM design, role-based access, service accounts, and federated identity. - Strong problem-solving, communication, and teamwork skills, with the ability to collaborate with technical and non-technical stakeholders across Cloud Platform, DevOps, SRE, and Engineering teams. What will set you apart: - Relevant certifications such as CISSP, AWS Certified Security, or similar credentials. - 3+ years managing security controls, including defining security policies and guardrails (preferred). - 4+ years of technical experience working with security solutions and conducting security operations (preferred). - 4+ years of cloud network security experience, including reviewing tools and making recommendations on utilization and strategy (preferred). - 4+ years of experience with network protocols, data flows, and attacks within an IP environment (preferred). - 3+ years building configurations for security devices and building automated processes to support large-scale deployment (preferred). - Extensive experience with security software, firewalls, intrusion detection systems, and network monitoring (preferred). - Extensive hands-on technical knowledge of network systems, protocols, and standards such as TCP/IP (preferred). - 2+ years performing network and application security administration and threat assessments; CISSP or GIAC certification(s) (preferred). - 2+ years programming or scripting experience in one or more of Java, Perl, PHP, Python, or shell (preferred). This job description is not intended to be an exhaustive list of all duties, responsibilities and qualifications of the job. The employer has the right to revise this job description at any time. You will be evaluated in part based on your performance of the responsibilities and/or tasks listed in this job description. You may be required perform other duties that are not included on this job description. The job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason. What we offer you We offer an array of diverse and inclusive benefits regardless of where you are in your career. We believe that providing our employees with the means to lead healthy balanced lives results in the best possible work performance. - Medical, dental, vision and life insurance - Retirement savings – 401(k) plan with generous company matching contributions (up to 6%), financial advisory services, potential company discretionary contribution, and a broad investment lineup - Tuition reimbursement up to $5,250/year - Business-casual environment that includes the option to wear jeans - Generous paid time off upon hire – including a paid time off program plus ten paid company holidays and three floating holidays each calendar year - Paid volunteer time — 16 hours per calendar year - Leave of absence programs – including paid parental leave, paid short- and long-term disability, and Family and Medical Leave (FMLA) - Business Resource Groups (BRGs) – BRGs facilitate inclusion and collaboration across our business internally and throughout the communities where we live, work and play. BRGs are open to all. Base Salary Range $105,700.00 - $149,275.00 The salary range above shows the typical minimum to maximum base salary range for this position in the location listed. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation offered may vary from posted hiring range based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer. Equal opportunity employer • Drug-free workplace We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age (40 and over), race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law. ***For remote and hybrid positions you will be required to provide reliable high-speed internet with a wired connection as well as a place in your home to work with limited disruption. You must have reliable connectivity from an internet service provider that is fiber, cable or DSL internet. Other necessary computer equipment, will be provided. You may be required to work in the office if you do not have an adequate home work environment and the required internet connection.*** Job Posting End Date at 12:01 am on: 04-10-2026 Want the latest money news and views shaping how we live, work and play? Sign up for Empower’s free newsletter and check out The Currency.

• Work in a team-orientated, fast-paced, global, and flexible environment • Perform penetration testing across our entire product and infrastructure • Perform SaaS-based red team exercises with specific goal oriented objectives • Continuously evolve your skills toward AI evaluation and knowledge based on emerging tactics, techniques and procedures related to AI agent vulnerabilities • Collaborate with our AI Security, threat intelligence, threat monitoring and threat engineering teams to understand our threats, provide practical validations of threats and ensure our protections and incident response are continuously refined • Provide actionable insights for our Product Development team regarding vulnerabilities

• Nurture strong relationships within key accounts across technical, managerial, and senior executive levels • Coordinate pre and post sale activities with internal teams, distributors, and reseller partners • Expand account revenue through broadened use cases / add-on licenses

Description Second-61: We are Vigilant Defenders. Our foundation is built upon patriotism, protecting what matters most. We honor each other, our community, our country, and our customers through exceptional services as their front-line defenders. Position Description: IAM Engineer – Contingent Pipeline Opportunity – We’re building a talent pipeline for upcoming U.S. Government defense IT and analytics support roles. Opportunities are contingent upon task order awards and funding under existing contracts. Location: Remote Responsibilities: - Design, implement, and manage Identity and Access Management (IAM) solutions for cloud and on-premises environments - Configure and enforce role-based access control (RBAC) and multi-factor authentication (MFA) - Implement identity federation and secure authentication protocols including SAML, OAuth, and OpenID Connect - Support Zero Trust Architecture (ZTA) initiatives and cloud security policies - Maintain compliance with DoD IL2, IL4, and IL5 security frameworks and standards - Administer IAM platforms such as Microsoft Entra ID (formerly Azure AD), Okta, Ping Identity, or AWS IAM - Monitor and troubleshoot IAM systems, access issues, and security events - Collaborate with cybersecurity, cloud, and program teams to ensure secure and compliant access - Maintain documentation of IAM policies, procedures, and configurations Requirements - Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or related field OR five years of equivalent experience in IAM engineering - Experience designing and managing IAM frameworks in cloud environments (AWS, Azure) - Experience with identity governance tools and zero-trust architecture implementation - Hands-on experience with IAM platforms such as Microsoft Entra ID, Okta, Ping Identity, or AWS IAM - Strong knowledge of DoD IL2, IL4, and IL5 security frameworks - Familiarity with authentication protocols: SAML, OAuth, OpenID Connect - Experience implementing RBAC and MFA in enterprise environments Desired Skills and Experience: - Experience supporting federal or DoD programs - Experience integrating IAM with DevSecOps pipelines or enterprise applications - Experience conducting IAM audits and compliance reporting - Experience with hybrid cloud identity management Certifications: - Required: None - Preferred: Certified Information Systems Security Professional CISSP, AWS Certified Security – Specialty, Microsoft Certified: Identity and Access Administrator Associate Clearance Requirement: - Must have an active Secret Security Clearance. - Candidate must be a U.S. citizen with the ability to pass a standard background check and drug screening. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations, and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.