If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
Please review the following job description:
The Principal Cloud Security Design Engineer is responsible for defining, designing, and engineering the cloud security architecture for Truist's Azure and AWS environments. This role serves as the technical authority for cloud security, partnering with platform, enterprise architecture, infrastructure, application, and DevOps teams to embed security by design across cloud-native workloads.
This is a deeply technical, hands-on role requiring strong architectural judgment, engineering expertise, and the ability to influence security outcomes at enterprise scale.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
Cloud Security Architecture & Design
- Act as the primary security design engineer for Azure and AWS cloud platforms, defining secure reference architectures, patterns, and guardrails.
- Design and implement security controls for cloud-native services including compute, networking, storage, identity, containers, and managed services.
- Own cloud security architecture decisions across multi-account / multi-subscription environments.
- Ensure architectures align with zero trust principles, least privilege access, and defense-in-depth strategies.
Security Engineering & Implementation
- Engineer and integrate cloud security solutions directly into Azure and AWS environments.
- Design and implement identity and access management (IAM) strategies using Azure AD, AWS IAM, and federated identity models.
- Secure containerized and Kubernetes-based platforms (AKS, EKS) including workload identity, runtime security, and network segmentation.
- Provide hands-on support for complex security engineering challenges across application and infrastructure teams.
DevSecOps & CI/CD Security
- Embed security controls into CI/CD pipelines, enabling automated security testing and policy enforcement.
- Design secure pipelines using DevSecOps practices such as:
  - Infrastructure as Code (IaC) security
  - Secret management and rotation
  - Automated policy-as-code enforcement
- Partner with engineering teams to shift security left while maintaining developer velocity.
Cloud Security Tooling & Visibility
- Lead the architecture and usage of cloud security posture and workload protection tools, including Wiz.
- Integrate security tooling with cloud-native services such as Azure Security Center / Defender and AWS Security Hub.
- Design security telemetry, alerting, and visibility strategies to support threat detection and incident response.
Governance, Risk & Compliance Enablement
- Translate security and regulatory requirements into actionable cloud security designs.
- Define security standards, patterns, and architectural guardrails for cloud adoption.
- Provide expert guidance during security reviews, threat modeling, and design assessments.
Technical Leadership & Influence
- Serve as a trusted advisor and technical leader across security, cloud, and engineering organizations.
- Mentor senior engineers and architects on cloud security best practices.
- Drive security architecture decisions through influence, not authority.
Cross Functional Collaboration & Stakeholder Engagement
- Partner closely with Cloud Platform Engineering teams to ensure security is embedded into Azure and AWS platform designs, landing zones, and shared services from inception.
- Collaborate with Security Architecture teams to align cloud security designs with enterprise security strategy, reference architectures, and risk posture.
- Work with Compliance, Risk, and Governance teams to translate regulatory and policy requirements into practical, scalable cloud security controls.
- Engage Application Engineering and DevOps teams to enable secure-by-default architectures while maintaining agility and developer velocity.
- Serve as the primary cloud security liaison across infrastructure, identity, networking, and application domains.
- Influence architectural decisions through technical expertise, design reviews, and threat modeling sessions.
- Communicate complex security concepts clearly to both technical and non-technical stakeholders.
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- A minimum of seven+ years in a combination of professional services and financial services industry
- Five+ years of product management experience
- Deep understanding of software development methodologies and best practices
- Deep and broad experience in digital banking, financial services, or other complex transactional services
- Experience leading complex, cross-functional initiatives and large scale projects
- Demonstrable understanding and application of digital concepts and technology
- Ability to lead initiatives throughout the software development lifecycle, including post implementation
- Bachelor's degree in business, engineering, design, or technology field; banking or financial management education or equivalent education and related training
- Strong strategic thinker, with ability to quickly assess complex problems, prioritize key issues, and focus on relevant facts
- Demonstrated experience in managing a varied team of professionals in a project-based environment and a proven ability to coach and develop a team
- Outstanding skills presenting/communicating ideas and data to Executive level leaders
- Sound business judgment and ability to build a business case around a product or service
- Expert relationship builder; developing open, effective, considerate, and productive working relationships. Can "work the matrix" and gain credibility quickly with internal and external constituents.
- High level of adaptability; responds appropriately and competently to the demands of work challenges when confronted with change, ambiguity, adversity, and other pressures.
Preferred Qualifications:
Technical Expertise
- Deep hands-on experience securing Azure and AWS at enterprise scale.
- Strong understanding of:
  - Cloud networking (VPC/VNet, routing, private endpoints, load balancing)
  - Identity and access management
  - Cloud-native security services and shared responsibility models
- Proven experience with Wiz or comparable cloud security posture/workload protection platforms.
- Strong knowledge of DevSecOps and CI/CD pipeline security.
- Experience securing:
  - Containers and Kubernetes (AKS/EKS)
  - Serverless and managed cloud services
  - Infrastructure as Code (Terraform, ARM, CloudFormation)
Architecture & Engineering Skills
- Demonstrated ability to design secure, scalable cloud architectures.
- Strong understanding of threat modeling, attack surfaces, and cloud threat vectors.
- Ability to move seamlessly between high-level architecture and low-level technical implementation.
Professional Experience
- 10+ years in security engineering, cloud engineering, or security architecture roles.
- Prior experience in large-scale enterprise or regulated environments strongly preferred.
- Experience working closely with platform, DevOps, and application teams.
Preferred Experience
- Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer).
- Experience in financial services or highly regulated industries.
- Strong scripting or automation skills (Python, PowerShell, Bash).
- Experience defining cloud security operating models and standards.
What Success Looks Like
- Cloud platforms are secure by design, not secured after the fact.
- Security controls are automated, scalable, and developer-friendly.
- Engineering teams trust and actively seek out security architecture guidance.
- Cloud security enables innovation while reducing risk.
OTHER JOB REQUIREMENTS / WORKING CONDITIONS
Sitting: Constantly (More than 50% of the time)
Standing: Frequently (25% - 50% of the time)
Walking: Frequently (25% - 50% of the time)
Visual / Audio / Speaking: Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.
Manual Dexterity / Keyboarding: Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.
Availability: Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.
Travel: Minimal and up to 10%
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.