Senior Security Engineer - Proxy & Cloud Security Platform

Senior Security Engineer

The Senior Security Engineer on the Proxy Team is responsible for evolving and sustaining the enterprise secure access platform to meet a rapidly changing security landscape driven by AI, cloud-native architectures, and advanced threat techniques. This role focuses on modernizing internet access and traffic control capabilities, integrating next-generation security features, and leveraging automation to improve visibility, security posture, scalability, and operational efficiency across the enterprise.

The role also ensures consistent policy enforcement across encrypted, non-HTTP, and real-time traffic patterns. This position is onsite, office-centric (5 days a week), based in a Truist core location:
North Carolina:
Charlotte/Raleigh Georgia:
Atlanta

Essential Duties And Responsibilities Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

• Lead the design, implementation, and continuous improvement of the enterprise secure access platform, ensuring alignment with emerging threats, AI-driven workloads, and evolving business requirements.
• Design and govern traffic steering strategies, including proxy, bypass, and direct-to-cloud patterns, ensuring optimal handling of Microsoft 365, real-time, and non-HTTP traffic flows.
• Drive adoption of advanced and emerging security capabilities that modernize the platform and enable rapid response to evolving business and threat landscape demands.
• Evaluate, test, and integrate new security features and technologies through proof-of-concept (POC) and proof-of-value (POV) initiatives.
• Architect and implement automation to eliminate manual tasks, improve operational consistency, and increase team efficiency using scripting, APIs, and orchestration tools.
• Develop automation and policy-as-code approaches for the enterprise secure access platform configuration management, enabling consistent deployment, validation, and compliance enforcement across environments.
• Perform threat modeling and security design reviews across application and network architectures, with emphasis on cloud, SaaS, AI-enabled environments, and emerging protocols such as HTTP/3 and QUIC.
• Evaluate the impact of encrypted traffic, TLS inspection, and modern protocols on security controls and user experience.
• Provide expert-level operational support and troubleshooting for secure web gateway and cloud-delivered security platforms, including analysis of encrypted, proxied, and non-proxied traffic flows.
• Lead medium-complexity initiatives and projects while coordinating with cross-functional partners to deliver scalable security solutions.
• Mentor junior engineers and provide technical guidance to promote platform maturity and operational excellence.
• Serve as a technical leader and delegated team lead as required, supporting system documentation, approvals, attestations, and audits.
• Provide leadership in complex, multi-disciplinary and cross-functional troubleshooting meetings, including ownership and the ability to drive resolution.

Qualifications Required Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor's degree or equivalent education, training, and work-related experience.
• Minimum of 7 years of experience in security engineering or related cybersecurity roles.
• Deep specialized knowledge in cybersecurity principles, theories, and concepts.
• Proven experience in software development lifecycle security practices.
• Deep knowledge of threat modeling, security testing, and penetration testing.
• Experience implementing and managing complex information security technologies.

Preferred Qualifications

• Strong cybersecurity engineering background with expertise in proxy, firewall, and network security, including advanced traffic routing, tunneling, and secure forwarding architectures (DLP, GRE, IPSec, PAC).
• Hands-on experience engineering and operating cloud-delivered security platforms, including Zscaler, with a deep understanding of Zero Trust (SSE/ZTNA) architectures.
• Expert-level troubleshooting in complex enterprise environments with experience in log analysis and monitoring tools (e.g., Splunk).
• Experience with modern identity and access integrations, including Entra  (Azure AD), SAML, SSO, and SCIM.
• Proficiency in automation and platform engineering using Python, Power Shell, APIs, orchestration frameworks, Git Lab SaaS, and CI/CD or Infrastructure-as-Code practices.
• Experience integrating security platforms (e.g., Crowd Strike) and enterprise systems such as Service Now.
• Knowledge of Microsoft 365 network optimization and traffic handling (proxy vs bypass), including TLS inspection strategies, certificate management, and encrypted traffic visibility challenges.
• Familiarity with modern internet…