Cybersecurity Engineer (ASM)

About The Position

Requirements

• Bachelor’s degree and five years of experience in systems engineering or administration or an equivalent combination of education and work experience
• Knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
• Previous experience in planning and managing IT projects
• Experience in designing and executing Attack Scenarios: Plan and conduct realistic cyberattack simulations that mimic real-world threat actor tactics, techniques, and procedures (TTPs).
• Analyze Simulation Results: Evaluate the outcomes of BAS, identifying weaknesses in security controls, vulnerabilities, and gaps in detection and response capabilities.
• Provide Actionable Recommendations: Develop and present recommendations to improve security policies, procedures, and technologies based on simulation findings.
• Document and Communicate: Maintain documentation of BAS methodologies, procedures, and results, and communicate findings to technical and non-technical stakeholders.
• Collaborate with Security Teams: Work with security analysts and engineers to adjust alerts, rules, and controls based on simulation results.
• Advanced Threat Hunting and Intelligence: Utilize threat intelligence to inform attack scenarios and identify emerging threats.
• Vulnerability Management: Identify, prioritize, and recommend remediation of high-risk vulnerabilities.
• Red Teaming and Blue Teaming: May also participate in red, purple, and blue team exercises to further evaluate security posture.
• Strong understanding of cybersecurity concepts, including attack vectors, TTPs, and security controls.
• Hands-on experience with architecting, maturing, and automation - CI/CD pipeline end to end lifecycle
• Experience with penetration testing, vulnerability management, and security tools.
• Proficiency in scripting for automation, data wrangling and enrichment (e.g., Python, PowerShell).
• Knowledge of common threat intelligence sources and frameworks.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and as part of a team.
• Experience with cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK and D3FEND).
• Experience with GRC engineering
• Strong knowledge of cloud security (AWS/Azure), PKI/TLS hygiene, DNS hardening, and external service posture.
• Hands-on experience with EASM platforms (e.g., Defender EASM, Cortex Xpanse, CyCognito, etc.) and strong understanding of internet-scale asset discovery
• Hands-on experience with vulnerability engineering or external attack surface security, with proven leadership in complex environments
• Experience with commercial BAS tools: AttackIQ, SafeBreach, Cymulate, etc.
• Experience with detection engineering and SOAR

Nice To Haves

• Experience with Breach and Attack (BAS) or Continuous Security Validation (CSV) tool(s)
• Bachelor’s degree and five years of experience or an equivalent combination of education and work experience
• Banking or financial services experience

Responsibilities

• Investigate and reproduce findings from EASM platforms (e.g., exposed services, misconfigurations, weak crypto, DNS issues, leaked assets)
• Perform Active/Passive Reconnaissance: Familiarity with open-source techniques and tools for profiling attack surface
• Develop tuning logic for discovery seeds and asset correlation. Continuously improve signal fidelity and automate common validation tasks
• Plan and conduct realistic cyberattack simulations that mirror real-world threat actor TTPs across enterprise environments.
• Assess BAS outcomes to identify security control gaps, vulnerabilities, and opportunities for improved detection and response.
• Develop and communicate prioritized recommendations to strengthen security policies, procedures, and technical controls.
• Work with red, blue, and purple teams, as well as incident response and threat intelligence groups, to adjust alerts, rules, and detection logic.
• Leverage threat intelligence to inform EASM scenarios and proactively address emerging threats.
• Contribute to the identification, prioritization, and remediation of vulnerabilities based on simulation and testing results.
• Maintain detailed documentation of ASM & BAS methodologies, procedures, and findings; communicate technical results clearly to both technical and non-technical stakeholders.
• Design, develop and maintain CI/CD Pipeline(s) (e.g., Gitlab, Terraform, AWS, Jenkins, Github)
• Design and Execute automation scripts (e.g., Python, Powershell, Bash, etc.)

Benefits

• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.