Fifth Third Bank is committed to improving customer experiences and is seeking a Lead Information Security Engineer for their Enterprise Vulnerability Management team. The role focuses on supporting vulnerability remediation processes and collaborating with various teams to maintain a strong security posture across the bank's infrastructure and applications.
Responsibilities:
- Serve as the primary escalation point and subject matter expert for the most complex and high‑risk remediation issues across infrastructure, cloud, containers, applications, and code
- Provide advanced technical guidance on remediation paths, exploitability assessment, scanning output interpretation, and multi‑layered False Positive evaluations
- Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits
- Independently own intake, investigation, escalation, and mitigation reviews for high-impact items such as critical vulnerabilities, emerging threats, and executive escalations
- Drive and own sophisticated remediation planning that includes dependency mapping, coordinated timelines, and long-term fixes
- Perform analytical reviews of large datasets to identify meaningful trends and shape targeted remediation campaigns for the highest areas of risk
- Conduct proactive follow-up on stalled plans and escalate appropriately when remediation does not progress
- Deliver expert-level communication to technical and non-technical stakeholders to ensure clarity of risk, urgency, and remediation requirements
- Oversee False Positive determinations, Exception requests, and Risk Acceptance submissions to ensure accuracy, thoroughness, and adherence to governance standards
- Partner with teams across Information Security and with application teams across the Bank to ensure complex issues are addressed correctly and efficiently
- Report and track vulnerability metrics, KPIs, and KRIs with proactive escalations to maintain risk within acceptable appetite
- Create impactful presentations to deliver key metrics and data to senior leadership
- Conceptualize, design, and update dashboards and workflows utilizing scripting, Power Automate, Power BI, ServiceNow, Brinqa, and/or other tools/processes as appropriate
- Utilize macros, scripting, formulas, and optimizations for workflows in Excel
- Work within Agile framework to deliver incremental value
- Proactively identify opportunities for, and volunteer to, improve EVM processes and demonstrate measurable impact towards reducing inefficiencies
- Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
- Mentor junior and mid‑level engineers through hands-on support, structured coaching, and direct involvement in complex cases
- Contribute to the evolution of the Program and take on additional duties and projects as appropriate
Requirements:
- At least 6 years of related and recent hands-on experience in Vulnerability Management, IS Engineering or similar Information Security domains
- Strong attention to detail and advanced understanding of security architecture, networking, operating systems, identity, and cloud services
- Demonstrated experience in risk articulation and remediation strategies across common technology stacks
- Experience with threat intelligence inputs and applying exploitability context to remediation prioritization
- Demonstrated experience triaging and prioritizing complex findings from scanning tools and translating technical findings into actionable remediation guidance
- Strong written and verbal communication skills, including the ability to communicate effectively with senior leaders and with deeply technical teams
- Proven analytical and problem-solving skills, including the ability to interpret large datasets and identify meaningful trends
- Experience collaborating across multiple teams and influencing outcomes without direct authority
- Bachelor's degree in computer science/information systems or equivalent combination of education and experience
- Certifications such as Security+, CISSP, CISM, GIAC, or cloud certifications (AWS preferred)
- Experience supporting at least one of the following: cloud security, container security, application security, or code scanning programs
- Experience building in and maintaining enterprise workflow and reporting platforms such as ServiceNow, Brinqa, Power BI, and Power Automate
- Working knowledge of scripting (for example Python, PowerShell, SQL) to support data analysis and workflow automation
- Demonstrated experience in sysadmin, networking, or SOC roles
- Experience embedding security controls into CI/CD pipelines and DevSecOps workflows
- Hands-on experience implementing cybersecurity frameworks such as NIST CSF, NIST 800-53, CIS Controls, ISO 27001, and PCI DSS, including practical work aligning controls, assessing gaps, and guiding teams through remediation and compliance activities