Apply on Employer Site

Truist · 1 month ago

Cybersecurity Senior Engineer – Threat Engineering Detection Team

Raleigh NC - 3201 Beechleaf Court

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Truist Bank is seeking a highly skilled Senior Threat Detection Engineer to enhance their security platforms. This role focuses on designing and optimizing detection capabilities while collaborating with various teams to ensure comprehensive threat coverage and compliance.

BankingFinanceFinancial Services

H1B Sponsor Likely

Responsibilities

Design, develop, and maintain high-fidelity detections across Splunk, Snowflake, and related platforms

Author SPL-based detections (Splunk) and SQL-based queries (Snowflake, MySQL, PostgreSQL, SQL Server)

Design and optimize queries within Snowflake for detection logic and threat hunting

Configure and maintain Snowpipe pipelines for real-time and batch ingestion of security-relevant data

Partner with data engineering to ensure schema design and ingestion pipelines support scalable detection use cases

Design and maintain integrations with Cribl/Databahn (or similar platforms) for log routing, transformation, and observability pipeline efficiency, telemetry enrichment, normalization, and cost-optimized data movement

Provide administrative expertise for Splunk and Snowflake environments, ensuring resilience, scalability, and performance

Map detections to the MITRE ATT&CK framework to ensure comprehensive threat coverage

Use detection-as-code workflows for structured creation, testing, and deployment of detections

Leverage Anvilogic content packs and extend/customize them for organization-specific threats

Orchestrate multi-platform detection deployment across Splunk, Snowflake, and other SIEM/data lake platforms

Apply coverage analytics within Anvilogic to identify detection gaps and validate against MITRE ATT&CK

Manage the full lifecycle of detections including creation, validation, deployment, tuning, and retirement within Anvilogic

Collaborate with SOC and IR teams to streamline workflows and reduce false positives using Anvilogic-driven integration

Engineer detection solutions with compliance in mind (e.g., PCI-DSS, HIPAA, SOX, GLBA)

Partner with SOC, IR, Threat Intel, Red/Purple, Continuous Security Validation, and Data Engineering teams to validate detections, minimize false positives, and strengthen visibility

Qualification

Detection EngineeringSplunk SPLSnowflakeAnvilogicSQLMITRE ATT&CKCribl/DatabahnCybersecurity CertificationsPythonDockerKubernetesBanking Experience

Required

Bachelor's degree and eight years of experience in systems engineering or administration or an equivalent combination of education and work experience

Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security

Previous experience in leading complex IT projects

Preferred

5+ years of experience in detection engineering, threat engineering, or a related security role

Strong expertise in Splunk SPL and detection development

Proficiency with SQL (MySQL, PostgreSQL, SQL Server)

Hands-on experience with Snowflake, including: Authoring SQL-based detections and threat hunts, Designing and managing Snowpipe pipelines for security data ingestion

Proven Splunk and Snowflake administration experience

Demonstrated ability to align detections to the MITRE ATT&CK framework

Experience operating in highly regulated industries

Hands-on experience with Anvilogic (detection-as-code, orchestration, coverage analytics, lifecycle management)

Hands-on experience with Cribl/Databahn or similar for log routing, enrichment, and observability pipelines cost-optimized telemetry and data engineering integration

Relevant certifications: Splunk Certified Architect, SnowPro Core/Advanced, GIAC (GCDA, GCED, etc.)

Deep specialized and/or broad functional knowledge in applied enterprise information security technologies

Previous experience in leading complex IT projects

Experience with No-Code/Low-Code Security Detection Engineering tools

Python development experience

Banking or financial services experience

Docker, Kubernetes, containerization pipeline, and deployment experience

Other security certifications (e.g. GSEC, GCED, GPPA, etc.)

Experience operationalizing Cyber use cases with Large Language Models (LLMs)

Benefits

Medical

Dental

Vision

Life insurance

Disability

Accidental death and dismemberment

Tax-preferred savings accounts

401k plan

Vacation

Sick days

Paid holidays

Defined benefit pension plan

Restricted stock units

Deferred compensation plan

Company

Truist

Glassdoor3.3

Truist is the sixth-largest commercial bank in the U.S.

Founded in 2019

Charlotte, North Carolina, USA

10001+ employees

https://www.truist.com

H1B Sponsorship

Truist has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (313)

2024 (247)

2023 (288)

2022 (275)

2021 (278)

2020 (270)

Funding

Current Stage

Late Stage

Total Funding

unknown

2021-01-01Seed

Leadership Team

Michael Maguire

Chief Financial Officer

James Cordovana

SVP of Cloud Security Enterprise Architect

Recent News

Maryland Daily Record

T.J. HUGHES

2026-01-03

MarketScreener

Ramaco Resources Inc. Announces Substantial Increase In Size of Revolving Credit Facility and Extension of Its Term

2025-12-30

PR Newswire

Truist streamlines digital account opening with direct deposit switching

2025-12-18

Company data provided by crunchbase