Cloud Security Operations Analyst (REMOTE)

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

 

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

We are seeking a Senior Cloud Security Specialist to serve as a technical authority for securing Google Cloud Platform (GCP) environments. In this role, you will design, operate, and continuously improve cloud threat detection, investigation, and response capabilities, with a strong focus on Google Security Command Center (SCC), GCP-native telemetry, and CNAPP integrations.

You will partner closely with Cloud Engineering, Security Operations, and Governance teams to ensure a resilient, compliant, and highly observable GCP security posture across enterprise-scale environments.

Key Responsibilities

• Act as a subject matter expert for GCP cloud security, providing hands-on leadership across detection, investigation, and response
• Design, configure, and optimize Google Security Command Center (SCC) findings, detectors, and risk prioritization
• Monitor and investigate security events using GCP audit logs, VPC flow logs, workload telemetry, and behavioral indicators
• Identify misconfigurations, identity misuse, workload compromise, and data exfiltration risks across GCP projects, folders, and organizations
• Correlate SCC findings with CNAPP, endpoint, and SIEM data sources to perform end-to-end threat analysis
• Identify attack paths and exposure chains across complex GCP environments
• Assist with the development of automated response playbooks for containment actions such as IAM revocation, workload isolation, and network restriction
• Lead cloud-native incident response activities, including triage, containment, eradication, and recovery
• Perform cloud forensics to analyze identity activity, workload behavior, and data access patterns
• Produce investigation reports, root cause analyses, and post-incident recommendations
• Provide architectural guidance on secure GCP design, including identity, network segmentation, workload isolation, and data protection
• Partner with engineering teams to embed security controls into CI/CD pipelines and infrastructure-as-code workflows

Required Qualifications

• Deep hands-on experience with Google Cloud Platform security architecture, including IAM, organization policies, VPC Service Controls, Cloud Logging, and Cloud Monitoring
• Expert-level knowledge of Google Security Command Center (SCC), including Premium tier capabilities, built-in detectors, and security posture management
• Experience with GCP-native threat detection services such as Event Threat Detection, Container Threat Detection, and Security Health Analytics
• Strong investigation skills using cloud-native logs, workload telemetry, and behavioral analytics
• Experience integrating GCP security telemetry with CNAPP platforms (e.g., Wiz, Prisma Cloud, Orca)
• Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, Elastic, Tines)
• Knowledge of cloud security frameworks such as MITRE ATT&CK and CSA CCM
• Experience supporting regulatory and compliance requirements (e.g., ISO 27001, GDPR, SOX) in cloud environments

Preferred Qualifications

• Experience leading or mentoring cloud security analysts or engineers
• Strong background in cloud-native incident response and forensics
• Experience securing large-scale, multi-project GCP environments
• Familiarity with Terraform or other infrastructure-as-code tools
• Experience with large multi-cloud environments

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

Future of Work

During the pandemic, we transitioned to a work from home model for the majority of our crew and we continue to interview, hire, and on-board future crew remotely.

As we have developed the path forward, we have taken a thoughtful approach that both maximizes the advantages of working remotely and the many benefits of coming together and collaborating in a shared workspace. We believe that in-person interactions among our crew are important for preserving our unique culture and advantageous for the personal development of our crew.

When our Crew return to the office, many will work in our hybrid model. A smaller proportion of our crew will operate in the Work from Home work model (for example, field sales crew); or in the Work from Office model (for example, portfolio managers).

The working model that your role falls into will be communicated to you in the interview process – please do ask if you are unsure. We encourage you to make the decision regarding your job interview and offer knowing which model your role will fall into. We will test and learn as our ways of working evolve and will continue to evaluate working models along the way.

Salary Range:

$100,000.00 - $180,000.00