Lead Information Security Engineer - Vulnerability Management
Company: Fifth Third Bank
Location: Remote (Remote)
Salary: $82,100 - $172,500 a year
Type: Full-time
Remote: Yes
Posted: 2026-05-08
About this role
Make banking a Fifth Third better®
We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.
The Lead Information Security Engineer on the Enterprise Vulnerability Management (EVM) Remediation team will support the continuous vulnerability remediation process and reduce the Fifth Third Bank’s attack surface across infrastructure, endpoints, and applications on prem and in cloud environments.
The ideal candidate excels at deep investigative analysis into complex problems to identify risks and gaps before they can be exploited. They bring strong expertise across the full Vulnerability Management Lifecycle, including asset discovery, internal and external scanning, contextual and risk-based analysis, CVE triage, reporting, and remediation.
The position requires a solid foundation in security, with demonstrated broad prior experience in foundational roles such as help desk, system administration, networking, SOC operations, & software engineering.
The successful candidate will play a key role in maintaining a strong security posture through close collaboration with infrastructure, development, product, and other teams across Fifth Third Bank to embed security from design through deployment and into ongoing operations.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Vulnerability Mgt – Remediation – 60%
- Serve as the primary escalation point and subject matter expert for the most complex and high‑risk remediation issues across infrastructure, cloud, containers, applications, and code.
- Provide advanced technical guidance on remediation paths, exploitability assessment, scanning output interpretation, and multi‑layered False Positive evaluations.
- Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits.
- Independently own intake, investigation, escalation, and mitigation reviews for high-impact items such as critical vulnerabilities, emerging threats, ...