Cybersecurity Senior Engineer - Cloud Security

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help? (

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (View email address on click.appcast.io?subject=Accommodation%20request)

(accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency: English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

We are seeking a highly skilled Engineer to join our technology team. The ideal candidate will excel in designing secure, scalable, and automated cloud solutions, with deep expertise in Python-based automation, AWS, container technologies, CI/CD-GitLab and Infrastructure as code (IaC) with security-focused delivery practices. This role will focus on building modern cloud infrastructure, automating deployments, enhancing security posture, and ensuring seamless collaboration across engineering, development, and risk teams. Additionally, this role contains a strong data engineering component, and you will own the full lifecycle of security data: ingesting raw cloud asset and event data via CloudQuery, transforming and modeling it with dbt, storing it in structured databases, and surfacing insights through Grafana dashboards consumed by security leadership, engineering teams, and executive stakeholders.

Essential Duties and Responsibilities

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

• Automate operational workflows using Python .

• Build and manage CI/CD pipelines using GitLab .

• Manage AWS services and ensure secure, scalable cloud environments.

• Build, deploy, and automate containerized applications .

• Develop Infrastructure as Code using Terraform and CloudFormation .

• Implement and support cloud security tools (e.g., Wiz ).

• Troubleshoot and resolve pipeline, cloud, and infrastructure issues.

• Manage vulnerability lifecycle for cloud infrastructure, prioritizing findings through a risk-based lens

• Design, deploy, and maintain CloudQuery pipelines to continuously ingest cloud asset inventory, configuration state, and security findings from AWS, Azure, and GCP into a centralized data store

• Implement robust scheduling, error handling, and data freshness monitoring for all ingestion pipelines

• Manage schema evolution and backward compatibility as upstream APIs and data models change

• Collaborate with the data platform team on storage architecture, partitioning strategy, and query performance

• Document all models in dbt's built-in documentation layer, enabling self-service consumption by downstream teams

• Optimize dbt model performance through incremental materialization, partitioning, and query pushdown strategies

• Build, maintain, and continuously improve a library of Grafana dashboards serving security operations, engineering, and executive audiences

• Apply hands-on AWS (and multi-cloud) security knowledge to validate the accuracy and completeness of ingested security data

• Translate cloud security concepts into data model attributes and dashboard metrics that accurately reflect underlying risk

• Participate in security architecture reviews to identify data collection gaps and advocate for telemetry improvements

• Support vulnerability management, compliance reporting, and security posture programs with data-driven analysis

• Collaborate with cross-functional engineering and security teams.

• Serve as a security advisor to platform engineering and product development teams

• Mentor junior engineers and cross-functional staff on cloud security fundamentals and standard security practices

• Communicate risk posture and program metrics to leadership in clear, business-relevant terms backed by dashboard evidence

Qualifications

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Bachelor’s degree and eight years of experience in systems engineering or administration or an equivalent combination of education and work experience

2. Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security

3. Previous experience in leading complex IT projects

Preferred Qualifications:

• Proficiency in Python scripting.

• Strong GitLab CI/CD pipeline development.

• Strong hands-on experience with AWS , including:

• IAM

• ECS / EKS

• EC2

• S3

• CloudTrail

• CloudWatch

• CloudFront

• VPC and AWS networking

• Infrastructure as Code with Terraform and CloudFormation .

• Strong container development and automation experience.

• Experience with cloud security tools (e.g., Wiz).

• Exposure to Azure (preferred).

• Production dbt experience: model authoring, testing, documentation, incremental strategies, and CI integration

• Strong SQL proficiency across one or more analytical databases (e.g. PostgreSQL)

• Grafana dashboard development experience: panel types, templating, alerting, and data source configuration

• Experience supporting compliance frameworks: SOC 2, PCI-DSS, HIPAA , or FedRAMP

• Excellent written and verbal communication skills; able to translate technical risk to business impact

• Strong analytical and problem-solving capabilities.

• Ability to collaborate effectively across diverse teams.

• AWS certifications (Solutions Architect, DevOps Engineer, etc.).

• Experience with AI/ML tools:

• AWS Bedrock

• Streamlit

• Claude Sonnet

• Vector Databases

• Familiarity with generative AI integrations.

• Experience with penetration testing, application security, and related disciplines

• Familiarity with MITRE ATT&CK Cloud matrix and adversary simulation concepts

• Experience operating in a regulated industry (financial services, healthcare, defense)

• Background supporting executive-level security reporting programs with defined KPIs and OKRs

Other Job Requirements / Working Conditions

Sitting

Constantly (More than 50% of the time)

Visual / Audio / Speaking

Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Availability

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.

Travel

Minimal and up to 10%

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site (

. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law (

E-Verify (

IER Right to Work (