The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.Need Help?
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:Regular
Language Fluency: English (Required)
Work Shift:1st shift (United States of America)
Please review the following job description:This role is responsible for designing, implementing, and enhancing technical controls and monitoring solutions that detect and prevent unauthorized use of privileged access across the enterprise.
This role plays a critical part in identifying anomalous and high-risk access behaviors by leveraging advanced detection tools, including SIEM platforms (Splunk) and endpoint detection solutions (CrowdStrike). The engineer partners closely with Security Operations, IAM, and Infrastructure teams to develop detection use cases, improve visibility, and strengthen the organization's security posture.
ESSENTIAL DUTIES AND RESPONSIBILITIES Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Identify and define unauthorized access scenarios, including credential misuse, privilege escalation, and anomalous account behavior.
- Develop and tune Splunk/CrowdStrike queries, correlation searches, and alerts to detect suspicious privileged activity.
- Leverage CrowdStrike (or equivalent EDR tools) to monitor endpoint-level indicators of compromise, lateral movement, and misuse of elevated privileges
- Build and maintain detection use cases aligned with MITRE ATT&CK techniques related to identity and access abuse.
- Correlate data from multiple sources (identity systems, logs, endpoints, cloud platforms) to identify potential threats.
- Partner with Security Operations Center (SOC) and Incident Response teams to escalate and respond to confirmed incidents.
- Design and implement automated detection and response mechanisms for privileged access risks.
- Develop scripts or integrations (e.g., Python, APIs) to enhance monitoring, alerting, and reporting capabilities.
- Continuously improve detection logic to reduce false positives and increase detection accuracy
- Provide technical expertise to improve visibility into privileged account usage across on-prem and cloud environments.
- Contribute to enforcement of least privilege and just-in-time access models through monitoring and analytics.
- Create dashboards and reports in Splunk to track privileged access activity, trends, and risks.
- Recommend improvements to detection coverage based on threat intelligence and incident learnings
QualificationsRequired Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor's degree or equivalent education, training, and work-related experience.
- Minimum of 5 years of experience in security engineering or related cybersecurity roles.
- Advanced knowledge in cybersecurity principles, theories, and concepts.
- Proven experience in software development lifecycle security practices.
- Advanced knowledge of threat modeling, security testing, and penetration testing.
- Experience implementing and managing complex information security technologies.
Preferred Qualifications - Experience developing detection use cases and threat hunting techniques for identity-based attacks.
- Strong expertise in:
- SIEM engineering and log analysis
- Behavioral analytics and anomaly detection
- Identity Threat Detection and Response (ITDR)
- Experience with PAM tools such as StrongDM and CyberArk.
- Familiarity with frameworks such as:
- MITRE ATT&CK (especially credential access and privilege escalation techniques)
- NIST and CRI Cybersecurity Framework
- Scripting and automation skills (e.g., Python, PowerShell).
- Experience integrating multiple data sources (cloud logs, Active Directory, EDR telemetry) into SIEM platforms.
- Relevant certifications such as:
- CISSP, GIAC (GCIA, GCIH), CEH, or Security+
- Strong analytical, problem-solving, and communication skills.
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
