Principal Platform Engineer

Truist Bank
Atlanta, VA
10h

About The Position

The Principal Cloud Security Design Engineer is responsible for defining, designing, and engineering the cloud security architecture for Truist’s Azure and AWS environments. This role serves as the technical authority for cloud security, partnering with platform, enterprise architecture, infrastructure, application, and DevOps teams to embed security by design across cloud-native workloads. This is a deeply technical, hands-on role requiring strong architectural judgment, engineering expertise, and the ability to influence security outcomes at enterprise scale.

Requirements

  • A minimum of seven+ years in a combination of professional services and financial services industry
  • Five+ years of product management experience
  • Deep understanding of software development methodologies and best practices
  • Deep and broad experience in digital banking, financial services, or other complex transactional services
  • Experience leading complex, cross-functional initiatives and large-scale projects
  • Demonstrable understanding and application of digital concepts and technology
  • Ability to lead initiatives throughout the software development lifecycle, including post-implementation
  • Bachelor's degree in business, engineering, design, or technology field; banking or financial management education or equivalent education and related training
  • Strong strategic thinker, with ability to quickly assess complex problems, prioritize key issues, and focus on relevant facts
  • Demonstrated experience in managing a varied team of professionals in a project-based environment and a proven ability to coach and develop a team
  • Outstanding skills presenting/communicating ideas and data to Executive level leaders
  • Sound business judgment and ability to build a business case around a product or service
  • Expert relationship builder; developing open, effective, considerate, and productive working relationships. Can "work the matrix" and gain credibility quickly with internal and external constituents.
  • High level of adaptability; responds appropriately and competently to the demands of work challenges when confronted with change, ambiguity, adversity, and other pressures.

Nice To Haves

  • Deep hands-on experience securing Azure and AWS at enterprise scale.
  • Strong understanding of:
      • Cloud networking (VPC/VNet, routing, private endpoints, load balancing)
      • Identity and access management
      • Cloud-native security services and shared responsibility models
  • Proven experience with Wiz or comparable cloud security posture/workload protection platforms.
  • Strong knowledge of DevSecOps and CI/CD pipeline security.
  • Experience securing:
      • Containers and Kubernetes (AKS/EKS)
      • Serverless and managed cloud services
      • Infrastructure as Code (Terraform, ARM, CloudFormation)
  • Demonstrated ability to design secure, scalable cloud architectures.
  • Strong understanding of threat modeling, attack surfaces, and cloud threat vectors.
  • Ability to move seamlessly between high-level architecture and low-level technical implementation.
  • 10+ years in security engineering, cloud engineering, or security architecture roles.
  • Prior experience in large-scale enterprise or regulated environments strongly preferred.
  • Experience working closely with platform, DevOps, and application teams.
  • Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer).
  • Experience in financial services or highly regulated industries.
  • Strong scripting or automation skills (Python, PowerShell, Bash).
  • Experience defining cloud security operating models and standards.

Responsibilities

  • Cloud Security Architecture & Design
      • Act as the primary security design engineer for Azure and AWS cloud platforms, defining secure reference architectures, patterns, and guardrails.
      • Design and implement security controls for cloud-native services including compute, networking, storage, identity, containers, and managed services.
      • Own cloud security architecture decisions across multi-account / multi-subscription environments.
      • Ensure architectures align with zero trust principles, least privilege access, and defense-in-depth strategies.
  • Security Engineering & Implementation
      • Engineer and integrate cloud security solutions directly into Azure and AWS environments.
      • Design and implement identity and access management (IAM) strategies using Azure AD, AWS IAM, and federated identity models.
      • Secure containerized and Kubernetes-based platforms (AKS, EKS) including workload identity, runtime security, and network segmentation.
      • Provide hands-on support for complex security engineering challenges across application and infrastructure teams.
  • DevSecOps & CI/CD Security
      • Embed security controls into CI/CD pipelines, enabling automated security testing and policy enforcement.
      • Design secure pipelines using DevSecOps practices such as:
          • Infrastructure as Code (IaC) security
          • Secret management and rotation
          • Automated policy-as-code enforcement
      • Partner with engineering teams to shift security left while maintaining developer velocity.
  • Cloud Security Tooling & Visibility
      • Lead the architecture and usage of cloud security posture and workload protection tools, including Wiz.
      • Integrate security tooling with cloud-native services such as Azure Security Center / Defender and AWS Security Hub.
      • Design security telemetry, alerting, and visibility strategies to support threat detection and incident response.
  • Governance, Risk & Compliance Enablement
      • Translate security and regulatory requirements into actionable cloud security designs.
      • Define security standards, patterns, and architectural guardrails for cloud adoption.
      • Provide expert guidance during security reviews, threat modeling, and design assessments.
  • Technical Leadership & Influence
      • Serve as a trusted advisor and technical leader across security, cloud, and engineering organizations.
      • Mentor senior engineers and architects on cloud security best practices.
      • Drive security architecture decisions through influence, not authority.
  • Cross Functional Collaboration & Stakeholder Engagement
      • Partner closely with Cloud Platform Engineering teams to ensure security is embedded into Azure and AWS platform designs, landing zones, and shared services from inception.
      • Collaborate with Security Architecture teams to align cloud security designs with enterprise security strategy, reference architectures, and risk posture.
      • Work with Compliance, Risk, and Governance teams to translate regulatory and policy requirements into practical, scalable cloud security controls.
      • Engage Application Engineering and DevOps teams to enable secure-by-default architectures while maintaining agility and developer velocity.
      • Serve as the primary cloud security liaison across infrastructure, identity, networking, and application domains.
      • Influence architectural decisions through technical expertise, design reviews, and threat modeling sessions.
      • Communicate complex security concepts clearly to both technical and non-technical stakeholders.

Benefits

  • All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position.
  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.