Senior IT Security Specialist - SaaS, CSPM, and Container Security

About The Company

Voya Financial is a leading provider of retirement, investment, and insurance solutions dedicated to helping Americans plan, invest, and protect their savings. With a commitment to innovation and security, Voya continuously evolves its technological infrastructure to meet the dynamic needs of its clients and the industry. The company fosters a collaborative and inclusive environment, emphasizing integrity, excellence, and a forward-thinking approach to financial services. Voya's focus on leveraging cutting-edge technology ensures the safety and resilience of its digital platforms, making it a trusted partner in financial security.

About The Role

Voya is seeking a highly skilled Senior IT Security Specialist to enhance and fortify our SaaS Security Posture Management (SSPM), Cloud Security Posture Management (CSPM), and container security capabilities. This role is pivotal in managing security across a rapidly evolving hybrid cloud and SaaS ecosystem, ensuring robust protection against emerging threats. The position involves close collaboration with Cloud, DevSecOps, Application Security, and Platform Engineering teams to identify, assess, and remediate security risks associated with SaaS platforms, public cloud infrastructure, and containerized workloads. The ideal candidate will possess extensive hands-on experience with cloud-native security controls, automation, Infrastructure-as-Code (IaC), and Policy-as-Code (PaC), along with familiarity with advanced security tooling such as CrowdStrike Falcon Shield, Palo Alto Prisma, and Cortex. This is a remote role, with the expectation that candidates are based near one of the following Voya office locations: Windsor, CT; Boston, MA; or Atlanta, GA.

Qualifications

• 5+ years of experience in information security, with a focus on cloud and SaaS security
• Hands-on experience with Cloud Security Posture Management (CSPM) in AWS and/or Azure
• Experience with SSPM tools such as CrowdStrike Falcon Shield, Palo Alto (SaaS / Prisma), or similar platforms
• Strong understanding of container security and Kubernetes environments
• Proficiency in scripting and automation (Python, PowerShell, Bash)
• Practical experience with Infrastructure-as-Code (Terraform, ARM, CloudFormation)
• Knowledge of Policy-as-Code (OPA, Sentinel, native cloud policies)
• Solid understanding of IAM, identity federation, least-privilege access, and SaaS permissions models
• Ability to collaborate effectively with cross-functional teams including cloud, DevOps, AppSec, and platform teams
  
  

  Interested in remote work opportunities in Devops? Discover Devops Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

Responsibilities

• Support SSPM initiatives across enterprise SaaS platforms, configuring and tuning tools to identify misconfigurations, excessive permissions, and risky integrations
• Support and mature CSPM capabilities across AWS and Azure, including continuous monitoring and risk prioritization
• Partner with application owners to drive remediation efforts for SaaS and cloud security findings
• Secure cloud-native workloads across AWS and Azure using native and third-party security controls
• Support container and Kubernetes security, including image scanning, runtime protections, and policy enforcement
• Embed security controls into CI/CD pipelines in collaboration with DevSecOps teams
• Develop and maintain security automation scripts using languages such as Python, PowerShell, and Bash
• Implement and review Infrastructure-as-Code (Terraform, ARM, CloudFormation) with a security-first approach
• Design and enforce Policy-as-Code (OPA, Sentinel, native cloud policies) to prevent insecure deployments
• Contribute to emerging AI Security Posture Management (AI-SPM) initiatives and partner with platform and data teams to secure MLOps pipelines and models
• Translate technical findings into actionable risk insights and support audits, risk assessments, and regulatory inquiries
• Stay current on emerging threats, SaaS attack patterns, cloud security trends, and AI security risks

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Mentor junior team members and promote secure-by-design practices across the organization
  
  

Benefits

• Comprehensive health, dental, vision, and life insurance plans
• 401(k) Savings plan with generous company matching contributions (up to 6%)
• Voya Retirement Plan – employer-paid cash balance retirement plan (4%)
• Tuition reimbursement up to $5,250 annually
• Paid time off including 20 days of vacation, nine paid holidays, and a flexible Diversity Celebration Day
• Paid volunteer time of 40 hours per calendar year
  
  

Equal Opportunity

Voya Financial is an equal opportunity employer committed to fostering an inclusive environment. We provide reasonable accommodations to applicants and employees to ensure equal access to employment opportunities regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, gender identity, or any other protected characteristic. We believe diversity enhances our innovation and success, and we are dedicated to creating a workplace where everyone can thrive.