Lead Information Security Engineer - Vulnerability Management

Fifth Third Bank

1d•Remote

About The Position

Make banking a Fifth Third better® We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank. The Lead Information Security Engineer on the Enterprise Vulnerability Management (EVM) Remediation team will support the continuous vulnerability remediation process and reduce the Fifth Third Bank’s attack surface across infrastructure, endpoints, and applications on prem and in cloud environments. The ideal candidate excels at deep investigative analysis into complex problems to identify risks and gaps before they can be exploited. They bring strong expertise across the full Vulnerability Management Lifecycle, including asset discovery, internal and external scanning, contextual and risk-based analysis, CVE triage, reporting, and remediation. The position requires a solid foundation in security, with demonstrated broad prior experience in foundational roles such as help desk, system administration, networking, SOC operations, & software engineering. The successful candidate will play a key role in maintaining a strong security posture through close collaboration with infrastructure, development, product, and other teams across Fifth Third Bank to embed security from design through deployment and into ongoing operations.

Requirements

At least 6 years of related and recent hands-on experience in Vulnerability Management, IS Engineering or similar Information Security domains.
Strong attention to detail, and advanced understanding of security architecture, networking, operating systems, identity, and cloud services.
Demonstrated experience in risk articulation, and remediation strategies across common technology stacks.
Experience with threat intelligence inputs and applying exploitability context to remediation prioritization.
Demonstrated experience triaging and prioritizing complex findings from scanning tools and translating technical findings into actionable remediation guidance
Strong written and verbal communication skills, including the ability to communicate effectively with senior leaders and with deeply technical teams.
Proven analytical and problem-solving skills, including the ability to interpret large datasets and identify meaningful trends.
Experience collaborating across multiple teams and influencing outcomes without direct authority.
Bachelor’s degree in computer science/information systems or equivalent combination of education and experience.
Certifications such as Security+, CISSP, CISM, GIAC, or cloud certifications (AWS preferred).

Nice To Haves

Experience supporting at least one of the following: cloud security, container security, application security, or code scanning programs.
Experience building in, and maintaining enterprise workflow and reporting platforms such as ServiceNow, Brinqa, Power BI, and Power Automate.
Working knowledge of scripting (for example Python, PowerShell, SQL) to support data analysis and workflow automation.
Demonstrated experience in sysadmin, networking, or SOC roles.
Experience embedding security controls into CI/CD pipelines and DevSecOps workflows.
Hands-on experience implementing cybersecurity frameworks such as NIST CSF, NIST 800-53, CIS Controls, ISO 27001, and PCI DSS, including practical work aligning controls, assessing gaps, and guiding teams through remediation and compliance activities.

Responsibilities

Serve as the primary escalation point and subject matter expert for the most complex and high‑risk remediation issues across infrastructure, cloud, containers, applications, and code.
Provide advanced technical guidance on remediation paths, exploitability assessment, scanning output interpretation, and multi‑layered False Positive evaluations.
Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits.
Independently own intake, investigation, escalation, and mitigation reviews for high-impact items such as critical vulnerabilities, emerging threats, and executive escalations.
Drive and own sophisticated remediation planning that includes dependency mapping, coordinated timelines, and long-term fixes.
Perform analytical reviews of large datasets to identify meaningful trends and shape targeted remediation campaigns for the highest areas of risk.
Conduct proactive follow-up on stalled plans and escalate appropriately when remediation does not progress.
Deliver expert-level communication to technical and non-technical stakeholders to ensure clarity of risk, urgency, and remediation requirements.
Oversee False Positive determinations, Exception requests, and Risk Acceptance submissions to ensure accuracy, thoroughness, and adherence to governance standards.
Partner with teams across Information Security and application teams across the Bank to ensure complex issues are addressed correctly and efficiently.
Report and track vulnerability metrics, KPIs, and KRIs with proactive escalations to maintain risk within acceptable appetite.
Create impactful presentations to deliver key metrics and data to senior leadership.
Conceptualize, design, and update dashboards and workflows utilizing scripting, Power Automate, PowerBI, ServiceNOW, Brinqa, and/or other tools/processes as appropriate.
Utilize macros, scripting, formulas, and optimizations for workflows in Excel.
Work within Agile framework to deliver incremental value.
Proactively identify opportunities for, and volunteer to, improve EVM processes and demonstrate measurable impact towards reducing inefficiencies.
Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
Mentor junior and mid‑level engineers through hands-on support, structured coaching, and direct involvement in complex cases.
Contribute to the evolution of the Program and contribute to additional duties and projects as appropriate.