Ally Financial Careers

At Ally, you get a startup feel, but experience the benefits of a company that’s worked out the kinks and is fulfilling its purpose. We’re always evolving and see that as a good thing. From owning our work to seeing its impact in the real world, our team is relentless in finding new ways technology can help make experiences better and help people. We are problem solvers, we value diverse thinking, we support one another, and we challenge ourselves to think bigger in the journey to deliver customer-obsessed tech solutions. To read more about what our tech team does, be sure to visit our tech blog at ally.tech

The Cloud Security Principal Engineer position at Ally is a member of the Information Protection and Risk Management team and works closely with other members of the IPRM program to identify, manage, and mitigate security risks at Ally. The engineer is part of a broader team of security engineers reporting to the Sr. Director, Cloud Security who are responsible for developing, deploying, and integrating technical controls and tools to meet specific security requirements, as well as defining processes and standards to ensure that security configurations and tools are maintained. This is a project focused resource within the organization and will focus on designing and implementing both technologies and governance processes focused on our SaaS platforms.  This resource will have potential opportunity to transition into a longer-term engagement to continue to mature and improve the SaaS security service.

• Primary responsibility will be to support our existing security infrastructure and security projects with potential to take on responsibilities for other technologies such as DevOps toolchain, Cloud automation, SaaS posture management and other technologies.
• Define and mature cloud-focused security policies and controls (governance, processes, frameworks, metrics)
• Managing the day to day troubleshooting of the enterprise CSPM platform and other security controls. This includes:
• Configuration tuning, troubleshooting, as well as defining and executing escalation criteria.
• Work with Security teams to tune control systems to best meet the need of the business.
• Ability to identify security risks and work with IPRM team to report and lead the remediation efforts.
• Perform architecture and engineering responsibilities in support of existing technologies and new security projects.
• Perform daily, weekly and monthly health checks, user activity audits and must have good knowledge in determining baseline offsets.
• Identify, Implement, and Operationalize security technologies and processes to improve visibility and reduce risk
• Partner with other technical leaders throughout the organization to refine and mature Ally’s security posture for cloud-based technologies and platforms, as well as identifying and maturing our application security capabilities
• Consult with project teams to ensure that platform architecture has proper security controls in place (focused on Cloud Providers / SaaS engagements)
• Engage as needed in other Cloud Security efforts where skills may overlap:  Cloud Platform Security and DevSecOps / Pipeline Security

• Demonstrated technical expertise in two or more technology areas (compute, storage, network, data, etc)
• Strong background in information security practices, controls, and governance (CISSP preferred)
• 5+ years of experience as a technical resource within an IT organization (enterprise / matrixed organization preferred)
• 2+ years of experience with cloud platforms (operational experience preferred for AWS, Azure, GCP, etc)
• Strong soft skills: builds partnerships, translates complexities into simple terms, ability to maintain focus on objectives
• Highly proficient in drafting technical documents:  process/procedures, standards/policies, architectures, etc)