Lead Vulnerability Remediation Engineer - Infrastructure Engineer
Company: Truist Bank
Location: Raleigh
Posted on: April 1, 2026
|
|
|
Job Description:
The position is described below. If you want to apply, click the
Apply Now button at the top or bottom of this page. After you click
Apply Now and complete your application, you'll be invited to
create a profile, which will let you see your application status
and any communications. If you already have a profile with us, you
can log in to check status. Need Help? If you have a disability and
need assistance with the application, you can request a reasonable
accommodation. Send an email to Accessibility (accommodation
requests only; other inquiries won't receive a response). Regular
or Temporary: Regular Language Fluency: English (Required) Work
Shift: 1st shift (United States of America) Please review the
following job description: The Lead Infrastructure Engineer within
Truist’s Digital Workplace organization is accountable for
enterprise governance, risk reduction, and lifecycle oversight of
endpoint vulnerabilities and configuration compliance across
physical and virtual (VDI) environments. This role partners across
engineering, operations, and security stakeholders to identify,
prioritize, remediate, and prevent endpoint security exposures
while producing defensible, repeatable, and scalable solutions
aligned to Truist standards. This position supports a proactive
operating model emphasizing automation, prevention, and measurable
outcomes. For this opportunity, Truist will not sponsor an
applicant for work visa status or employment authorization, nor
will we offer any immigration-related support for this position
(including, but not limited to H-1B, F-1 OPT, F-1 STEM OPT, F-1
CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S.
lawful permanent residence status.) This position is office-centric
5 days a week in our Truist hubs. ESSENTIAL DUTIES AND
RESPONSIBILITIES Following is a summary of the essential functions
for this job. Other duties may be performed, both major and minor,
which are not mentioned below. Specific activities may change from
time to time. 1) Endpoint Vulnerability Management (Enterprise
Scale) Operate and mature the endpoint vulnerability lifecycle:
discovery ? prioritization ? remediation ? validation ? reporting.
Perform vulnerability identification and prioritization using
Qualys and or other security agents, including (but not limited to)
Microsoft Security Updates and major 3rd?party applications (e.g.,
Chrome, Edge, legacy dependencies where applicable). Drive
risk-based remediation workflows aligned to business impact,
exploitability, and fleet exposure. Validate remediation efficacy
and ensure vulnerability closure is auditable and reproducible. 2)
Secure Baseline Configuration (SBC) & Compliance (Windows 11 VDI)
Own Secure Baseline Configuration compliance outcomes for Windows
11 across physical devices and VDI. Detect and correct compliance
drift; build governance routines to prevent recurring deviation.
Translate policy intent into enforceable configuration standards
and operational guardrails. 3) Problem Management (Root Cause
Corrective Actions) Lead or co-lead root cause analysis for
recurring endpoint issues and systemic remediation failures.
Develop long-term corrective actions, workarounds, and knowledge
artifacts that reduce repeat incidents. Align problem practices to
Digital Workplace Problem Management goals, templates/artifacts,
tooling/automation, and metrics. 4) Configuration Management &
Deployment Enablement (SCCM / MECM) Leverage Microsoft Endpoint
Configuration Manager (SCCM/MECM) to support remediation delivery
at scale (packages, deployments, compliance baselines, reporting).
Troubleshoot deployment failures and endpoint state issues
impacting remediation timelines. Partner with endpoint engineering
and operations teams to harden delivery pipelines and reduce
rework. 5) Automation & Engineering Enablement (PowerShell
Workflows) Create and maintain PowerShell automation to reduce
manual effort, accelerate remediation, and improve consistency.
Build automation patterns for detection, enforcement, validation,
and reporting (including safe failure handling and rollback
considerations). Integrate automation into operational workflows
(e.g., Service Management processes) to increase throughput and
reduce friction. 6) Data, Reporting, and Decision Support
(Databases) Use SQL and relational database concepts to support
remediation tracking, compliance analytics, trend analysis, and
operational reporting. Define data-quality expectations (integrity,
lineage, reproducibility) and produce metrics that support
governance and executive visibility. Translate raw findings into
actionable insights for stakeholders. 7) Documentation,
Communication, and Governance Produce clear, structured
documentation (standards, runbooks, decision records, remediation
guides) suitable for audit and cross-team reuse. Communicate
tradeoffs, constraints, edge cases, and operational impacts with
precision and transparency. Maintain a forward-looking view of risk
exposure, compliance drift, and control sustainability.
QUALIFICATIONS Required Qualifications: The requirements listed
below are representative of the knowledge, skill and/or ability
required. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential functions.
1. Bachelor's degree and five years of experience in development or
application support or an equivalent combination of education and
work experience. 2. In- depth knowledge in information systems and
ability to identify, apply, and implement best practices. 3.
Understanding of key business processes and competitive strategies
related to the IT function. 4. Ability to plan and manage projects.
5. Ability to solve complex problems by applying best practices. 6.
Ability to provide direction and mentor less experienced teammates.
7. Ability to interpret and convey complex, difficult, or sensitive
information. Preferred Qualifications: 1. Bachelor's degree and six
years of experience or an equivalent combination of education and
work experience. 2. Banking or financial services experience. 3.
Experience in VDI environments and their unique
compliance/remediation constraints. 4. Familiarity with endpoint
configuration governance methods (e.g., baselines, policy-as-code
concepts, drift monitoring). 5. Experience integrating security
remediation with service management tooling and workflows. 6. ITIL
/ Problem Management background and comfort operating within
structured ITSM practices. 7. Security or endpoint-focused
certifications (examples: Security, vendor tooling certs, or
equivalent experience). 8. Security-first mindset with strong
attention to data integrity and reproducibility. 9. Structured
communication: crisp problem statements, explicit decision logic,
and documented tradeoffs. 10. Anticipates edge cases, failure
modes, and operational constraints (bandwidth, maintenance windows,
change risk). 11. Designs solutions for scale and sustainability,
not one-off fixes. 12. Automation and prevention focused, aligned
to the Digital Workplace direction. OTHER JOB REQUIREMENTS /
WORKING CONDITIONS Sitting Frequently (25% - 50% of the time)
Lifting Up to 25 lbs. Visual / Audio / Speaking Able to access and
interpret client information received from the computer and able to
hear and speak with individuals in person and on the phone. Manual
Dexterity / Keyboarding Able to work standard office equipment,
including PC keyboard and mouse, copy/fax machines, and printers.
Availability Able to work all hours scheduled, including overtime
as directed by manager/supervisor and required by business need.
Travel Up to 25% General Description of Available Benefits for
Eligible Employees of Truist Financial Corporation: All regular
teammates (not temporary or contingent workers) working 20 hours or
more per week are eligible for benefits, though eligibility for
specific benefits may be determined by the division of Truist
offering the position. Truist offers medical, dental, vision, life
insurance, disability, accidental death and dismemberment,
tax-preferred savings accounts, and a 401k plan to teammates.
Teammates also receive no less than 10 days of vacation (prorated
based on date of hire and by full-time or part-time status) during
their first year of employment, along with 10 sick days (also
prorated), and paid holidays. For more details on Truist’s generous
benefit plans, please visit our Benefits site . Depending on the
position and division, this job may also be eligible for Truist’s
defined benefit pension plan, restricted stock units, and/or a
deferred compensation plan. As you advance through the hiring
process, you will also learn more about the specific benefits
available for any non-temporary position for which you apply, based
on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate
on the basis of race, gender, color, religion, citizenship or
national origin, age, sexual orientation, gender identity,
disability, veteran status, or other classification protected by
law. Truist is a Drug Free Workplace. EEO is the Law E-Verify IER
Right to Work
Keywords: Truist Bank, High Point , Lead Vulnerability Remediation Engineer - Infrastructure Engineer, IT / Software / Systems , Raleigh, North Carolina
