Lead Vulnerability Remediation Engineer - Infrastructure Engineer
Top focus
The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications.
If you already have a profile with us, you can log in to check status. Need Help? If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular Language Fluency: English (Required) Work Shift: 1st shift (United States of America) Please review the following job description: The Lead Infrastructure Engineer within Truist’s Digital Workplace organization is accountable for enterprise governance, risk reduction, and lifecycle oversight of endpoint vulnerabilities and configuration compliance across physical and virtual (VDI) environments.
This role partners across engineering, operations, and security stakeholders to identify, prioritize, remediate, and prevent endpoint security exposures while producing defensible, repeatable, and scalable solutions aligned to Truist standards.
This position supports a proactive operating model emphasizing automation, prevention, and measurable outcomes. For this opportunity, Truist will not sponsor an applicant for work visa status or employment authorization, nor will we offer any immigration-related support for this position (including, but not limited to H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S. lawful permanent residence status.) This position is office-centric 5 days a week in our Truist hubs.
GENERAL ESSENTIAL DUTIES AND RESPONSIBILITIES Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. 1.
Builds and designs enterprise infrastructure technology platforms and systems across various environments, such as cloud, network, database, storage, platform, computing, and/or middleware domains. 2. Applies automation, monitoring, and optimization techniques to ensure high availability and performance of infrastructure. 3.
Collaborates with cross-functional teams to integrate new technologies and continuously improve infrastructure standards and processes. 4. Troubleshoots and resolves moderately complex technical issues impacting infrastructure performance and reliability. 5.
Supports compliance with technology strategies, standards, and governance to mitigate risks and ensure regulatory adherence. 6. Deploys infrastructure designs, configurations, and procedures to support operational consistency and knowledge sharing. 7.
Proactively contributes to technical innovation efforts and advancement of infrastructure capabilities. 8. Works with technical project teams to support infrastructure deliverables and solutions. 9. Makes adjustments or recommends enhancements in technical systems and processes to improve effectiveness of area of responsibility.
Specific job Function: 1) Endpoint Vulnerability Management (Enterprise Scale) Operate and mature the endpoint vulnerability lifecycle: discovery → prioritization → remediation → validation → reporting. Perform vulnerability identification and prioritization using Qualys and or other security agents, including (but not limited to) Microsoft Security Updates and major 3rd‑party applications (e.g., Chrome, Edge, legacy dependencies where applicable).
Drive risk-based remediation workflows aligned to business impact, exploitability, and fleet exposure. Validate remediation efficacy and ensure vulnerability closure is auditable and reproducible. 2) Secure Baseline Configuration (SBC) & Compliance (Windows 11 + VDI) Own Secure Baseline Configuration compliance outcomes for Windows 11 across physical devices and VDI.
Detect and correct compliance drift; build governance routines to prevent recurring deviation. Translate policy intent into enforceable configuration standards and operational guardrails. 3) Problem Management (Root Cause + Corrective Actions) Lead or co-lead root cause analysis for recurring endpoint issues and systemic remediation failures.
Develop long-term corrective actions, workarounds, and knowledge artifacts that reduce repeat incidents. Align problem practices to Digital Workplace Problem Management goals, templates/artifacts, tooling/automation, and metrics. 4) Configuration Management & Deployment Enablement (SCCM / MECM) Leverage Microsoft Endpoint Configuration Manager (SCCM/MECM) to support remediation delivery at scale (packages, deployments, compliance baselines, reporting).
Troubleshoot deployment failures and endpoint state issues impacting remediation timelines. Partner with endpoint engineering and operations teams to harden delivery pipelines and reduce rework. 5) Automation & Engineering Enablement (PowerShell + Workflows) Create and maintain PowerShell automation to reduce manual effort, accelerate remediation, and improve consistency.
Build automation patterns for detection, enforcement, validation, and reporting (including safe failure handling and rollback considerations). Integrate automation into operational workflows (e.g., Service Management processes) to increase throughput and reduce friction. 6) Data, Reporting, and Decision Support (Databases) Use SQL and relational database concepts to support remediation tracking, compliance analytics, trend analysis, and operational reporting.
Define data-quality expectations (integrity, lineage, reproducibility) and produce metrics that support governance and executive visibility. Translate raw findings into actionable insights for stakeholders. 7) Documentation, Communication, and Governance Produce clear, structured documentation (standards, runbooks, decision records, remediation guides) suitable for audit and cross-team reuse.
Communicate tradeoffs, constraints, edge cases, and operational impacts with precision and transparency. Maintain a forward-looking view of risk exposure, compliance drift, and control sustainability. Qualifications Required Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 1. Bachelor’s degree in Computer Science, Engineering, Information Systems, or related field. 2. Minimum of 3 years of professional experience in infrastructure engineering. 3.
Understanding of enterprise infrastructure technologies including cloud, network, database, storage, platform, computing, and middleware. Preferred Qualifications 1. Bachelor's degree and six years of experience or an equivalent combination of education and work experience. 2.
Banking or financial services experience. 3. Experience in VDI environments and their unique compliance/remediation constraints. 4. Familiarity with endpoint configuration governance methods (e.g., baselines, policy-as-code concepts, drift monitoring). 5.
Experience integrating security remediation with service management tooling and workflows. 6. ITIL / Problem Management background and comfort operating within structured ITSM practices. 7. Security or endpoint-focused certifications (examples: Security+, vendor tooling certs, or equivalent experience). 8.
Security-first mindset with strong attention to data integrity and reproducibility. 9. Structured communication: crisp problem statements, explicit decision logic, and documented tradeoffs. 10. Anticipates edge cases, failure modes, and operational constraints (bandwidth, maintenance windows, change risk). 11.
Designs solutions for scale and sustainability, not one-off fixes. 12. Automation and prevention focused, aligned to the Digital Workplace direction. General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position.
Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
For more details on Truist’s generous benefit plans, please visit our Benefits site . Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.
As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work. Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law.
Truist is a Drug Free Workplace. EEO is the Law E-Verify IER Right to Work