Truist

Cybersecurity Engineer – Threat Engineering, Detection

Full-time
Location Type: Hybrid

Location: Charlotte • North Carolina • 🇺🇸 United States


Job Level

Mid-Level, Senior

Tech Stack

Docker, Firewalls, Kubernetes, MySQL, Postgres, Python, Splunk, SQL

About the role

  • Design, develop, and maintain high-fidelity detections across Splunk, Snowflake, and related platforms
  • Author SPL-based detections (Splunk) and SQL-based queries (Snowflake, MySQL, PostgreSQL, SQL Server)
  • Design and optimize queries within Snowflake for detection logic and threat hunting
  • Configure and maintain Snowpipe pipelines for real-time and batch ingestion of security-relevant data
  • Partner with data engineering to ensure schema design and ingestion pipelines support scalable detection use cases
  • Design and maintain integrations with Cribl/Databahn (or similar platforms) for log routing, transformation, telemetry enrichment, normalization, observability pipeline efficiency, and cost-optimized data movement
  • Provide administrative expertise for Splunk and Snowflake environments, ensuring resilience, scalability, and performance
  • Map detections to the MITRE ATT&CK framework to ensure comprehensive threat coverage
  • Use detection-as-code workflows for structured creation, testing, and deployment of detections
  • Leverage Anvilogic content packs and extend/customize them for organization-specific threats
  • Orchestrate multi-platform detection deployment across Splunk, Snowflake, and other SIEM/data lake platforms
  • Apply coverage analytics within Anvilogic to identify detection gaps and validate against MITRE ATT&CK
  • Manage the full lifecycle of detections including creation, validation, deployment, tuning, and retirement within Anvilogic
  • Collaborate with SOC and IR teams to streamline workflows and reduce false positives using Anvilogic-driven integration
  • Engineer detection solutions with compliance in mind (e.g., PCI-DSS, HIPAA, SOX, GLBA)
  • Partner with SOC, IR, Threat Intel, Red/Purple, Continuous Security Validation, and Data Engineering teams to validate detections, minimize false positives, and strengthen visibility

Requirements

  • Bachelor’s degree and five years of experience in systems engineering or administration, or an equivalent combination of education and work experience
  • In-depth knowledge of applied enterprise information security technologies including, but not limited to, firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and mainframe security
  • Previous experience in planning and managing IT projects
  • 3+ years of experience in detection engineering, threat engineering, or a related security role
  • Expertise in Splunk SPL and detection development
  • Proficiency with SQL (MySQL, PostgreSQL, SQL Server)
  • Hands-on experience with Snowflake, including:
      • Authoring SQL-based detections and threat hunts
      • Designing and managing Snowpipe pipelines for security data ingestion
  • Proven Splunk and Snowflake administration experience
  • Demonstrated ability to align detections to the MITRE ATT&CK framework
  • Experience operating in highly regulated industries
  • Relevant certifications: Splunk Certified Architect, SnowPro Core/Advanced, GIAC (GCDA, GCED, etc.)
  • Experience with No-Code/Low-Code Security Detection Engineering tools
  • Hands-on experience with Anvilogic (detection-as-code, orchestration, coverage analytics, lifecycle management)
  • Hands-on experience with Cribl/Databahn or similar for log routing, enrichment, observability pipelines, cost-optimized telemetry, and data engineering integration
  • Python development experience
  • Banking or financial services experience
  • Docker, Kubernetes, containerization pipeline, and deployment experience
  • Other security certifications (e.g. GSEC, GCED, GPPA, etc.)

Benefits

  • Medical
  • Dental
  • Vision
  • Life insurance
  • Disability
  • Accidental death and dismemberment
  • Tax-preferred savings accounts
  • 401k plan
  • 10 days of vacation
  • 10 sick days
  • Paid holidays
