Lead Information Security Engineer - Vulnerability Management

Make banking a Fifth Third better®

We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.

The Lead Information Security Engineer on the EVM Remediation team will be supporting the continuous vulnerability remediation process and reduce Fifth Third Bank’s attack surface across cloud and traditional infrastructure, endpoints, and applications. This role is responsible for managing vulnerabilities from various scanning tools, analyzing, prioritizing, and communicating relevant, actionable information across the bank and our lines of business (LOBs). This role will also undertake project deliverables as needed to contribute to the maturity of the Enterprise Vulnerability Management program.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Act as technical lead for squad.
• Mentor junior members of the team and provide guidance/expertise as needed.
• Manage reporting and timely remediation for vulnerabilities from infrastructure scans, cloud, containers, penetration testing, source code (SAST/SCA) and Bug Bounty.
• Report and track metrics, KPIs and KRIs with proactive escalations to maintain risk within acceptable appetite.
• Communicate effectively to engage and collaborate with key stakeholders on remediation, provide guidance, perform escalations, and follow through vulnerability closure.
• Perform data analysis at scale and drive informed decisions with vulnerability prioritization and remediation campaigns.
• Design and improve dashboards to enable Self-Service for remediation teams.
• Manage requests for False Positives, Exceptions and Risk Acceptance for vulnerabilities.
• Prioritize emerging threats and 0days as they surface through Threat Intelligence
• Consistently seek opportunities to improve EVM processes and demonstrate measurable impact towards reducing inefficiencies through implementation of Lean practices.
• Stay abreast of emerging technologies, actively engage in continuous learning to master new skills, and contribute to culture of continuous improvement and professional growth.
• If local to office, collaborate in-person periodically to build network and drive Information Security awareness.

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:

• At least 6 years of related hands-on experience in Vulnerability Management or IS Engineering.
• Ability to self-manage time, manage assigned workload, and drive tasks with minimal to no oversight.
• Ability to translate business requirements and strategic goals into project plans with well-defined engineering tasks to ensure execution.
• Strong technical expertise in Information Security with demonstrated experience in researching and triaging emerging threats, assessing asset impacts, and communicating criticality effectively.
• Strong understanding of security concepts, best practices, and risk assessments.
• Skilled in effective oral and written communication, including presentations to Senior management, various levels of business and IT stakeholders, and technical resources.
• Strong documentation and governance skills which can be leveraged to create runbooks, respond to audit requests, and create broadcast communications for dissemination to application teams.
• Strong analytical and proactive problem-solving skills to identify and address issues before they escalate.
• Bachelor’s degree in computer science/information systems.
• Experience working with scripting (Python) is a plus.
• Broad IT and Networking work experience is a plus.
• Industry Standard Certifications such as, but not limited to: CompTIA Security+, CISSP, CISM, GIAC and AWS are preferred.

Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.