Lead Vulnerability Remediation Engineer - Infrastructure Engineer
Listed on 2026-07-11
-
IT/Tech
Cybersecurity, Systems Engineer
Lead Infrastructure Engineer
The Lead Infrastructure Engineer within Truist's Digital Workplace organization is accountable for enterprise governance, risk reduction, and lifecycle oversight of endpoint vulnerabilities and configuration compliance across physical and virtual (VDI) environments. This role partners across engineering, operations, and security stakeholders to identify, prioritize, remediate, and prevent endpoint security exposures while producing defensible, repeatable, and scalable solutions aligned to Truist standards. This position supports a proactive operating model emphasizing automation, prevention, and measurable outcomes.
For this opportunity, Truist will not sponsor an applicant for work visa status or employment authorization, nor will we offer any immigration-related support for this position (including, but not limited to H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S. lawful permanent residence status.)
This position is office-centric 5 days a week in our Truist hubs.
General Essential Duties and Responsibilities Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
Specific job Function:
1) Endpoint Vulnerability Management (Enterprise Scale)
Operate and mature the endpoint vulnerability lifecycle: discovery → prioritization → remediation → validation → reporting.
Perform vulnerability identification and prioritization using Qualys and or other security agents, including (but not limited to) Microsoft Security Updates and major 3rd‑party applications (e.g., Chrome, Edge, legacy dependencies where applicable).
Drive risk-based remediation workflows aligned to business impact, exploitability, and fleet exposure.
Validate remediation efficacy and ensure vulnerability closure is auditable and reproducible.
2) Secure Baseline Configuration (SBC) & Compliance (Windows 11 + VDI)
Own Secure Baseline Configuration compliance outcomes for Windows 11 across physical devices and VDI.
Detect and correct compliance drift; build governance routines to prevent recurring deviation.
Translate policy intent into enforceable configuration standards and operational guardrails.
3) Problem Management (Root Cause + Corrective Actions)
Lead or co-lead root cause analysis for recurring endpoint issues and systemic remediation failures.
Develop long-term corrective actions, workarounds, and knowledge artifacts that reduce repeat incidents.
Align problem practices to Digital Workplace Problem Management goals, templates/artifacts, tooling/automation, and metrics.
4) Configuration Management & Deployment Enablement (SCCM / MECM)
Leverage Microsoft Endpoint Configuration Manager (SCCM/MECM) to support remediation delivery at scale (packages, deployments, compliance baselines, reporting).
Troubleshoot deployment failures and endpoint state issues impacting remediation timelines.
Partner with endpoint…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).