Truist Bank, posted 9 days ago
Full-time • Mid Level
Charlotte, NC
5,001-10,000 employees

Seeking a highly skilled Threat Detection Engineer to design, develop, and optimize enterprise-grade detection capabilities across our security platforms. This role demands expertise in detection engineering, data pipelines, and advanced analytics, combined with proven experience working in highly regulated industries. A critical requirement for this position is the ability to learn and master Anvilogic, including detection-as-code, multi-platform orchestration, and coverage analytics. The role requires practical experience with Splunk and Snowflake for data ingestion and detection development, and forward-looking familiarity with Cribl/Databahn for scalable telemetry routing and enrichment. The ideal candidate will bring both technical mastery and a strategic mindset, helping our organization stay ahead of evolving adversary tactics.

  • Design, develop, and maintain high-fidelity detections across Splunk, Snowflake, and related platforms.
  • Author SPL-based detections (Splunk) and SQL-based queries (Snowflake, MySQL, PostgreSQL, SQL Server).
  • Design and optimize queries within Snowflake for detection logic and threat hunting.
  • Configure and maintain Snowpipe pipelines for real-time and batch ingestion of security-relevant data.
  • Partner with data engineering to ensure schema design and ingestion pipelines support scalable detection use cases.
  • Design and maintain integrations with Cribl/Databahn (or similar platforms) for log routing, transformation, telemetry enrichment, normalization, observability pipeline efficiency, and cost-optimized data movement.
  • Provide administrative expertise for Splunk and Snowflake environments, ensuring resilience, scalability, and performance.
  • Map detections to the MITRE ATT&CK framework to ensure comprehensive threat coverage.
  • Use detection-as-code workflows for structured creation, testing, and deployment of detections.
  • Leverage Anvilogic content packs and extend/customize them for organization-specific threats.
  • Orchestrate multi-platform detection deployment across Splunk, Snowflake, and other SIEM/data lake platforms.
  • Apply coverage analytics within Anvilogic to identify detection gaps and validate against MITRE ATT&CK.
  • Manage the full lifecycle of detections including creation, validation, deployment, tuning, and retirement within Anvilogic.
  • Collaborate with SOC and IR teams to streamline workflows and reduce false positives using Anvilogic-driven integration.
  • Engineer detection solutions with compliance in mind (e.g., PCI-DSS, HIPAA, SOX, GLBA).
  • Partner with SOC, IR, Threat Intel, Red/Purple, Continuous Security Validation, and Data Engineering teams to validate detections, minimize false positives, and strengthen visibility.

  • Bachelor’s degree and five years of experience in systems engineering or administration, or an equivalent combination of education and work experience
  • In-depth knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
  • Previous experience in planning and managing IT projects
  • 3+ years of experience in detection engineering, threat engineering, or a related security role
  • Expertise in Splunk SPL and detection development
  • Proficiency with SQL (MySQL, PostgreSQL, SQL Server)
  • Hands-on experience with Snowflake, including:
    • Authoring SQL-based detections and threat hunts
    • Designing and managing Snowpipe pipelines for security data ingestion
  • Proven Splunk and Snowflake administration experience
  • Demonstrated ability to align detections to the MITRE ATT&CK framework
  • Experience operating in highly regulated industries
  • Relevant certifications: Splunk Certified Architect, SnowPro Core/Advanced, GIAC (GCDA, GCED, etc.)
  • Deep specialized and/or broad functional knowledge in applied enterprise information security technologies
  • Previous experience in leading complex IT projects
  • Experience with No-Code/Low-Code Security Detection Engineering tools
  • Hands-on experience with Anvilogic (detection-as-code, orchestration, coverage analytics, lifecycle management)
  • Hands-on experience with Cribl/Databahn or similar for log routing, enrichment, observability pipelines, cost-optimized telemetry, and data engineering integration
  • Python development experience
  • Banking or financial services experience
  • Docker, Kubernetes, containerization pipeline, and deployment experience
  • Other security certifications (e.g. GSEC, GCED, GPPA, etc.)
  • Experience operationalizing Cyber use cases with Large Language Models (LLMs)

  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.
© 2024 Teal Labs, Inc