Principal Platform Engineer
Truist Bank
Job Description
The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.
Need Help?
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
Please review the following job description:
The Principal Cloud Security Design Engineer is responsible for defining, designing, and engineering the cloud security architecture for Truist’s Azure and AWS environments. This role serves as the technical authority for cloud security, partnering with platform, enterprise architecture, infrastructure, application, and DevOps teams to embed security by design across cloud-native workloads.
This is a deeply technical, hands-on role requiring strong architectural judgment, engineering expertise, and the ability to influence security outcomes at enterprise scale.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
Cloud Security Architecture & Design
- Act as the primary security design engineer for Azure and AWS cloud platforms, defining secure reference architectures, patterns, and guardrails.
- Design and implement security controls for cloud-native services including compute, networking, storage, identity, containers, and managed services.
- Own cloud security architecture decisions across multi-account / multi-subscription environments.
- Ensure architectures align with zero trust principles, least privilege access, and defense-in-depth strategies.
Security Engineering & Implementation
- Engineer and integrate cloud security solutions directly into Azure and AWS environments.
- Design and implement identity and access management (IAM) strategies using Azure AD, AWS IAM, and federated identity models.
- Secure containerized and Kubernetes-based platforms (AKS, EKS) including workload identity, runtime security, and network segmentation.
- Provide hands-on support for complex security engineering challenges across application and infrastructure teams.
DevSecOps & CI/CD Security
- Embed security controls into CI/CD pipelines, enabling automated security testing and policy enforcement.
- Design secure pipelines using DevSecOps practices such as:
  - Infrastructure as Code (IaC) security
  - Secret management and rotation
  - Automated policy-as-code enforcement
- Partner with engineering teams to shift security left while maintaining developer velocity.
Cloud Security Tooling & Visibility
- Lead the architecture and usage of cloud security posture and workload protection tools, including Wiz.
- Integrate security tooling with cloud-native services such as Azure Security Center / Defender and AWS Security Hub.
- Design security telemetry, alerting, and visibility strategies to support threat detection and incident response.
Governance, Risk & Compliance Enablement
- Translate security and regulatory requirements into actionable cloud security designs.
- Define security standards, patterns, and architectural guardrails for cloud adoption.
- Provide expert guidance during security reviews, threat modeling, and design assessments.
Technical Leadership & Influence
- Serve as a trusted advisor and technical leader across security, cloud, and engineering organizations.
- Mentor senior engineers and architects on cloud security best practices.
- Drive security architecture decisions through influence, not authority.
Cross Functional Collaboration & Stakeholder Engagement
- Partner closely with Cloud Platform Engineering teams to ensure security is embedded into Azure and AWS platform designs, landing zones, and shared services from inception.
- Collaborate with Security Architecture teams to align cloud security designs with enterprise security strategy, reference architectures, and risk posture.
- Work with Compliance, Risk, and Governance teams to translate regulatory and policy requirements into practical, scalable cloud security controls.
- Engage Application Engineering and DevOps teams to enable secure-by-default architectures while maintaining agility and developer velocity.
- Serve as the primary cloud security liaison across infrastructure, identity, networking, and application domains.
- Influence architectural decisions through technical expertise, design reviews, and threat modeling sessions.
- Communicate complex security concepts clearly to both technical and non-technical stakeholders