The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help?

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:
Regular

Language Fluency: English (Required)

Work Shift:
1st shift (United States of America)

Please review the following job description:

Designs and develops advanced technical and cybersecurity capabilities across all phases of the software development lifecycle, including threat modeling, security testing, and penetration testing. Plans, builds, and enhances cybersecurity technologies by baselining systems, analyzing trends, and preparing for future requirements to deliver reliable, scalable, and secure technology solutions with major impact on the job area.

GENERAL ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Designs and implements advanced cybersecurity solutions that protect critical assets within the job area, contributing to the technical approach for complex implementations while aligning to established strategies and patterns.
2. Performs and enhances threat modeling, security testing, and penetration testing for high-risk platforms and services in scope, applying innovative techniques to uncover and remediate significant vulnerabilities.
3. Integrates and configures information security technologies in production environments, defining and improving configuration patterns, automation, and handoff processes for the assigned domain.
4. Serves as a key technical point of escalation for challenging security issues, diagnosing recurring problems and creating reusable solutions that improve how the team operates.
5. Assesses emerging security threats, tools, and architectural options, and provides recommendations that shape technical plans, priorities, and goals for the job area.
6. Collaborates with product and engineering teams to apply modern security architecture, secure by design practices, and governance controls throughout the local development lifecycle.
7. Develops and maintains security baselines, guardrails, and control patterns for systems and applications in the area of responsibility, contributing to approaches that support regulatory and policy compliance.
8. Leads the technical execution of major incident response and forensic activities within the job area, coordinating tasks, leveraging tooling effectively, and suggesting improvements to playbooks and processes.
9. Provides guidance, coaching, and technical training to other security engineers, leading code and design reviews and sharing best practices that elevate team capability.
10. Leads large or complex security engineering initiatives within the job area, delegating work to lower level technical professionals, reviewing outputs, and ensuring delivery meets agreed objectives.

SPECIFIC ESSENTIAL DUTIES AND RESPONSIBILITIES

SOAR Engineering & Integrations
- Design, build, and maintain integrations between XSOAR and platforms such as Archer (or other GRC tools), SecurityScorecard (or similar vendor risk tools), and SIEM solutions such as Splunk.
- Develop custom connectors and API-based integrations where native connectors do not exist.
- Normalize, enrich, and correlate data from third-party and external risk sources for operational use.

Third-Party Risk Alerting
- Build alerting logic for vendor-related threats including vendor breaches, risk score degradation, SaaS abuse, and exposure of vendor-managed assets.
- Correlate vendor risk signals with internal telemetry to determine potential business impact.
- Enable SOC workflows for third-party-related detections.

Automation & Playbooks

- Design and implement SOAR playbooks to triage, enrich, and respond to vendor-related alerts.
- Automate response actions such as token revocation, access suspension, ticket creation, and stakeholder notification.
- Maintain and optimize playbooks to reduce manual effort and mean time to respond (MTTR).

Operational Collaboration
- Partner with SOC, Vendor Risk, Threat Modeling, and Detection Engineering teams to translate risk scenarios into automation logic.
- Document integrations, workflows, and playbooks.
- Monitor performance and reliability of SOAR automations.
- Design and implement SOAR playbooks to triage, enrich, and respond to vendor-related alerts.
- Automate response actions such as token revocation, access suspension, ticket creation, and stakeholder notification.
- Maintain and optimize playbooks to reduce manual effort and mean time to respond (MTTR).

Qualifications
Required Qualifications
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor's degree or equivalent education, training, and work-related experience.
2. Minimum of 7 years of experience in security engineering or related cybersecurity roles.
3. Deep specialized knowledge in cybersecurity principles, theories, and concepts.
4. Proven experience in software development lifecycle security practices.
5. Deep knowledge of threat modeling, security testing, and penetration testing.
6. Experience implementing and managing complex information security technologies.

Preferred Qualifications

1. Experience integrating Archer, ServiceNow GRC, SecurityScorecard, BitSight, or RiskRecon.
2. Knowledge of MITRE ATTACK and detection engineering concepts.
3. Experience automating SaaS security actions (token revocation, session termination).
4. Familiarity with External Attack Surface Management (EASM) tools.

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.