Security Engineer II - Threat and Vulnerability

Why Stifel

Stifel strives for a culture that puts its clients and associates first : a culture where everyone belongs, everyone is welcome, and everyone contributes to the success of our clients, their careers, and the firm as a whole.

Let's talk about how you can find your place here at Stifel, where success meets success .

What You'll Be Doing

The Security Engineer II - Threat and Vulnerability is responsible for identifying, assessing, and mitigating security risks across Stifel's environments. This role emphasizes detecting vulnerabilities, ensuring secure configurations, and driving remediation efforts to strengthen the firm's overall security posture. The Security Engineer II leverages technical expertise, automation, and programming skills to improve the efficiency and accuracy of vulnerability detection, reporting, and response processes.

What We're Looking For

• Research, analyze, and evaluate emerging threats, vulnerabilities, and exploits across on-premises and cloud environments.
• Monitor and correlate threat intelligence feeds to identify relevant tactics, techniques, and procedures (TTPs).
• Apply frameworks such as MITRE ATT&CK, OWASP, and CVSS to assess severity, exploitability, and business impact.
• Identify, assess, and manage vulnerabilities across cloud platforms such as AWS, Azure, or GCP, including misconfigurations and exposed services.
• Utilize CSPM and CWPP tools like Prisma Cloud, Defender for Cloud, and Wiz to detect, track, and report vulnerabilities.
• Collaborate with cloud, DevOps, and IT teams to remediate vulnerabilities and integrate security controls into infrastructure and pipelines.
• Implement and maintain secure configuration standards across servers, endpoints, databases, network devices, and cloud resources.
• Perform regular configuration audits and compliance checks using frameworks such as CIS Benchmarks, NIST 800-53, and DISA STIGs.
• Develop and maintain automation scripts or integrations with Python, PowerShell, Bash, JavaScript to streamline scanning, reporting, and data correlation.
• Integrate vulnerability management tools with SIEM, SOAR, and ticketing systems via APIs to improve workflow efficiency.
• Create dashboards and data visualizations to enhance threat visibility and remediation tracking.
• Track and verify remediation progress, ensuring alignment with defined SLAs, risk priorities, and compliance requirements.
• Communicate technical findings, risks, and remediation guidance clearly to both technical and non-technical stakeholders.

What You'll Bring

Education & Experience

Licenses & Credentials

Systems & Technology

#LI-DL1

About Stifel

Stifel is more than 130 years old and still thinking like a start-up. We are a global wealth management and investment banking firm serious about innovation and fresh ideas. Built on a simple premise of safeguarding our clients' money as if it were our own, coined by our namesake, Herman Stifel, our success is intimately tied to our commitment to helping families, companies, and municipalities find their own success.

While our headquarters is in St. Louis, we have offices in New York, San Francisco, Baltimore, London, Frankfurt, Toronto, and more than 400 other locations. Stifel is home to approximately 9,000 individuals who are currently building their careers as financial advisors, research analysts, project managers, marketing specialists, developers, bankers, operations associates, among hundreds more. Let's talk about how you can find your place here at Stifel, where success meets success.

At Stifel we offer an entrepreneurial environment, comprehensive benefits package to include health, dental and vision care, 401k, wellness initiatives, life insurance, and paid time off.

Stifel is an Equal Opportunity Employer.