Job Description

Make banking a Fifth Third better®
We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.

The Lead Information Security Engineer on the Enterprise Vulnerability Management (EVM) Remediation team will support the continuous vulnerability remediation process and reduce the Fifth Third Bank’s attack surface across infrastructure, endpoints, and applications on prem and in cloud environments.

The ideal candidate excels at deep investigative analysis into complex problems to identify risks and gaps before they can be exploited. They bring strong expertise across the full Vulnerability Management Lifecycle, including asset discovery, internal and external scanning, contextual and risk-based analysis, CVE triage, reporting, and remediation.

The position requires a solid foundation in security, with demonstrated broad prior experience in foundational roles such as help desk, system administration, networking, SOC operations, & software engineering.

The successful candidate will play a key role in maintaining a strong security posture through close collaboration with infrastructure, development, product, and other teams across Fifth Third Bank to embed security from design through deployment and into ongoing operations.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Vulnerability Mgt – Remediation – 60%

• Serve as the primary escalation point and subject matter expert for the most complex and high‑risk remediation issues across infrastructure, cloud, containers, applications, and code.
• Provide advanced technical guidance on remediation paths, exploitability assessment, scanning output interpretation, and multi‑layered False Positive evaluations.
• Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits.
• Independently own intake, investigation, escalation, and mitigation reviews for high-impact items such as critical vulnerabilities, emerging threats, and executive escalations.
• Drive and own sophisticated remediation planning that includes dependency mapping, coordinated timelines, and long-term fixes.
• Perform analytical reviews of large datasets to identify meaningful trends and shape targeted remediation campaigns for the highest areas of risk.
• Conduct proactive follow-up on stalled plans and escalate appropriately when remediation does not progress.
• Deliver expert-level communication to technical and non-technical stakeholders to ensure clarity of risk, urgency, and remediation requirements.
• Oversee False Positive determinations, Exception requests, and Risk Acceptance submissions to ensure accuracy, thoroughness, and adherence to governance standards.
• Partner with teams across Information Security and application teams across the Bank to ensure complex issues are addressed correctly and efficiently.

Metrics, Reporting & Dashboards – 25%

• Report and track vulnerability metrics, KPIs, and KRIs with proactive escalations to maintain risk within acceptable appetite.
• Create impactful presentations to deliver key metrics and data to senior leadership.
• Conceptualize, design, and update dashboards and workflows utilizing scripting, Power Automate, PowerBI, ServiceNOW, Brinqa, and/or other tools/processes as appropriate.
• Utilize macros, scripting, formulas, and optimizations for workflows in Excel.

Process Improvement & Documentation – 15%

• Work within Agile framework to deliver incremental value.
• Proactively identify opportunities for, and volunteer to, improve EVM processes and demonstrate measurable impact towards reducing inefficiencies.
• Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
• Mentor junior and mid‑level engineers through hands-on support, structured coaching, and direct involvement in complex cases.
• Contribute to the evolution of the Program and contribute to additional duties and projects as appropriate.

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:

• At least 6 years of related and recent hands-on experience in Vulnerability Management, IS Engineering or similar Information Security domains.
• Strong attention to detail, and advanced understanding of security architecture, networking, operating systems, identity, and cloud services.
• Demonstrated experience in risk articulation, and remediation strategies across common technology stacks.
• Experience with threat intelligence inputs and applying exploitability context to remediation prioritization.
• Demonstrated experience triaging and prioritizing complex findings from scanning tools and translating technical findings into actionable remediation guidance
• Strong written and verbal communication skills, including the ability to communicate effectively with senior leaders and with deeply technical teams.
• Proven analytical and problem-solving skills, including the ability to interpret large datasets and identify meaningful trends.
• Experience collaborating across multiple teams and influencing outcomes without direct authority.
• Bachelor’s degree in computer science/information systems or equivalent combination of education and experience.
• Certifications such as Security+, CISSP, CISM, GIAC, or cloud certifications (AWS preferred).

PREFERRED KNOWLEDGE, SKILLS AND ABILITIES:

• Experience supporting at least one of the following: cloud security, container security, application security, or code scanning programs.
• Experience building in, and maintaining enterprise workflow and reporting platforms such as ServiceNow, Brinqa, Power BI, and Power Automate.
• Working knowledge of scripting (for example Python, PowerShell, SQL) to support data analysis and workflow automation.
• Demonstrated experience in sysadmin, networking, or SOC roles.
• Experience embedding security controls into CI/CD pipelines and DevSecOps workflows.
• Hands-on experience implementing cybersecurity frameworks such as NIST CSF, NIST 800-53, CIS Controls, ISO 27001, and PCI DSS, including practical work aligning controls, assessing gaps, and guiding teams through remediation and compliance activities.

#LI-CB2

Please note that this position is not available for immigration sponsorship.

Lead Information Security Engineer - Vulnerability ManagementTotal Base Pay Range 82,100.00 - 172,500.00 USD Annual

At Fifth Third, we understand the importance of recognizing our employees for the role they play in improving the lives of our customers, communities and each other. Our Total Rewards include comprehensive benefits and differentiated compensation offerings to give each employee the opportunity to be their best every day.

The base salary for this position is reflective of the range of salary levels for all roles within this pay grade across the U.S. Individual salaries within this range will vary based on factors such as role, relevant skillset, relevant experience, education and geographic location. In addition to the base salary, this role is eligible to participate in an incentive compensation plan, with any such payment based upon company, line of business and/or individual performance.

Our extensive benefits programs are designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being. You can learn more about those programs on our 53.com Careers page at: https://www.53.com/content/fifth-third/en/careers/benefits.html or by consulting with your talent acquisition partner.

LOCATION -- Virtual, Ohio 00000

Attention search firms and staffing agencies: do not submit unsolicited resumes for this posting. Fifth Third does not accept resumes from any agency that does not have an active agreement with Fifth Third. Any unsolicited resumes – no matter how they are submitted – will be considered the property of Fifth Third and Fifth Third will not be responsible for any associated fee.

Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.