Cyber Security Engineer

First Horizon Bank
Memphis, TN
Onsite

About The Position

First Horizon Bank is seeking a mid-level Cyber Security Engineer to strengthen our security controls and incident response capabilities across on-prem and cloud environments. You will help safeguard our associates, our clients, and the data and systems they rely on by building, operating, and continuously improving core security technologies and processes.

Requirements

  • 3–5 years of hands-on experience in security engineering or operations within enterprise or financial services environments.
  • Demonstrated experience with:
      • File Integrity Management (FIM) concepts and tools.
      • Vulnerability management scanning, prioritization, and remediation workflows.
      • Configuration management and secure baseline enforcement (CIS/STIG).
      • Incident response, evidence handling, and containment/eradication practices.
      • Cloud security fundamentals and cloud incident response (AWS, Azure, and/or M365).
      • Phishing response and email security controls.
      • Malware triage, IOC development, and EDR/EPP tuning.
  • Proficiency with SIEM/XDR/SOAR platforms and log analysis.
  • Scripting/automation skills (PowerShell and/or Python) to improve efficiency and response.
  • Strong communication skills; ability to translate technical risk for non-technical stakeholders and collaborate effectively with associates across teams.

Nice To Haves

  • Certifications such as Security+, CySA+, GSEC, GCIH, GCIA, GCED, Azure/AWS Security Specialty, or equivalent experience.
  • Experience with tools such as Splunk/Microsoft Sentinel, CrowdStrike/Carbon Black, Sentinel 1, M365 Defender, Tenable/Qualys/Rapid7, Qualys/SolarWinds/Tripwire, GuardDuty/Defender for Cloud, and ServiceNow CMDB.
  • Familiarity with zero trust principles, identity security (MFA, PAM, conditional access), and data protection (DLP, encryption, tokenization).

Responsibilities

  • File Integrity Management (FIM)
      • Deploy, tune, and administer FIM solutions (e.g., Qualys, SolarWinds, Tripwire) for critical servers, endpoints, and cloud workloads.
      • Define baselines, reduce noise through policy tuning, and operationalize alerts and reporting.
  • Vulnerability and Configuration Management
      • Run continuous vulnerability management (e.g., Tenable, Qualys, Rapid7), coordinate remediation with platform/engineering teams, and track SLAs.
      • Establish and enforce secure configuration baselines (CIS benchmarks/STIGs). Measure configuration drift and advise teams that are out of compliance.
      • Partner with patch management owners to prioritize risk-based patching.
  • Incident Response (IR) and Threat Operations
      • Triage, investigate, and contain security incidents across endpoint, network, identity, email, and cloud; participate in on-call rotation.
      • Develop and maintain playbooks and runbooks; contribute to post-incident reviews and corrective actions.
      • Leverage SIEM/XDR/SOAR to correlate telemetry and automate high-confidence response actions.
  • Cloud Security and Cloud Incident Response
      • Monitor and investigate alerts across AWS/Azure/M365 (e.g., GuardDuty, Security Hub, Defender for Cloud/M365, Sentinel 1).
      • Implement guardrails, logging, and detections for cloud identities, APIs, storage, and workloads; assist in hardening IaC patterns.
  • Phishing Defense and Email Security
      • Triage phishing submissions, coordinate takedowns, improve detections, and drive user awareness improvements.
  • Malware Analysis and Endpoint Protection
      • Perform initial malware triage, threat intel enrichment, sandboxing, and IOC extraction.
      • Tune EDR policies, develop custom detections, and reduce false positives.
  • Collaboration, Risk, and Compliance
      • Partner with associates across IT, risk, audit, and compliance to align controls with policies and regulatory expectations (e.g., GLBA, FFIEC, PCI DSS).
      • Work with managed service providers where applicable; ensure timely, high-quality incident handoffs and remediation.
      • Contribute metrics and reporting on vulnerabilities, incidents, and control effectiveness.

Benefits

  • Medical with wellness incentives, dental, and vision
  • HSA with company match
  • Maternity and parental leave
  • Tuition reimbursement
  • Mentor program
  • 401(k) with 6% match
  • More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits