Truist

Senior Cybersecurity Engineer – ASM

Truist

full-time

Posted on:

Location Type: Office

Location: CharlotteNorth CarolinaVirginiaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AssemblyAWSDNSFirewallsJenkinsPythonTerraform

About the role

  • Lead EASM Validation and Engineering: Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets)
  • Perform Active/Passive Reconnaissance: Familiarity with open-source techniques and tools for profiling attack surface
  • Advance EASM Capabilities: Develop tuning logic for discovery seeds and asset correlation. Continuously improve signal fidelity and automate common validation tasks
  • Design and Execute BAS Scenarios: Plan and conduct realistic cyberattack simulations that mirror real-world threat actor TTPs across enterprise environments.
  • Analyze Simulation Results: Assess BAS outcomes to identify security control gaps, vulnerabilities, and opportunities for improved detection and response.
  • Provide Actionable Recommendations: Develop and communicate prioritized recommendations to strengthen security policies, procedures, and technical controls.
  • Collaborate Across Teams: Work with red, blue, and purple teams, as well as incident response and threat intelligence groups, to adjust alerts, rules, and detection logic.
  • Threat Hunting and Intelligence: Leverage threat intelligence to inform EASM scenarios and proactively address emerging threats.
  • Vulnerability Management Support: Contribute to the identification, prioritization, and remediation of vulnerabilities based on simulation and testing results.
  • Documentation and Reporting: Maintain detailed documentation of ASM & BAS methodologies, procedures, and findings; communicate technical results clearly to both technical and non-technical stakeholders.
  • Continuous Integration/Continuous Deployment (CI/CD): Design, develop and maintain CI/CD Pipeline(s) (e.g., Gitlab, Terraform, AWS, Jenkins, Github)
  • Automation/Scripting: Design and Execute automation scripts (e.g., Python, Powershell, Bash, etc.)

Requirements

  • Bachelor’s degree and five years of experience in systems engineering or administration or an equivalent combination of education and work experience
  • In-depth knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
  • Previous experience in planning and managing IT projects
Benefits
  • medical, dental, vision, life insurance
  • disability, accidental death and dismemberment
  • tax-preferred savings accounts
  • 401k plan
  • no less than 10 days of vacation
  • 10 sick days
  • paid holidays
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
EASM ValidationActive ReconnaissancePassive ReconnaissanceBAS ScenariosThreat HuntingVulnerability ManagementCI/CDAutomation ScriptingPythonPowershell
Soft Skills
CollaborationCommunicationAnalytical ThinkingProblem SolvingProject Management