Job Description

Job Description

No Sponsorship will be provided for this role.

Location: On Site in Memphis, TN; Maryville, TN; Birmingham, AL; Lafayette,LA; New Orleans,LA; Charlotte, NC; Raleigh, NC or Dallas, TX

Weekly Schedule: Monday- Friday, 9am-5pm

About the role First Horizon Bank is seeking a mid-level Cyber Security Engineer to strengthen our security controls and incident response capabilities across on-prem and cloud environments. You will help safeguard our associates, our clients, and the data and systems they rely on by building, operating, and continuously improving core security technologies and processes.

What you'll do

• File Integrity Management (FIM)

• Deploy, tune, and administer FIM solutions (e.g., Qualys, SolarWinds, Tripwire) for critical servers, endpoints, and cloud workloads.

• Define baselines, reduce noise through policy tuning, and operationalize alerts and reporting.

• Vulnerability and Configuration Management

• Run continuous vulnerability management (e.g., Tenable, Qualys, Rapid7), coordinate remediation with platform/engineering teams, and track SLAs.

• Establish and enforce secure configuration baselines (CIS benchmarks/STIGs). Measure configuration drift and advise teams that are out of compliance.

• Partner with patch management owners to prioritize risk-based patching.

• Incident Response (IR) and Threat Operations

• Triage, investigate, and contain security incidents across endpoint, network, identity, email, and cloud; participate in on-call rotation.

• Develop and maintain playbooks and runbooks; contribute to post-incident reviews and corrective actions.

• Leverage SIEM/XDR/SOAR to correlate telemetry and automate high-confidence response actions.

• Cloud Security and Cloud Incident Response

• Monitor and investigate alerts across AWS/Azure/M365 (e.g., GuardDuty, Security Hub, Defender for Cloud/M365, Sentinel 1).

• Implement guardrails, logging, and detections for cloud identities, APIs, storage, and workloads; assist in hardening IaC patterns.

• Phishing Defense and Email Security

• Triage phishing submissions, coordinate takedowns, improve detections, and drive user awareness improvements.

• Malware Analysis and Endpoint Protection

• Perform initial malware triage, threat intel enrichment, sandboxing, and IOC extraction.

• Tune EDR policies, develop custom detections, and reduce false positives.

• Collaboration, Risk, and Compliance

• Partner with associates across IT, risk, audit, and compliance to align controls with policies and regulatory expectations (e.g., GLBA, FFIEC, PCI DSS).

• Work with managed service providers where applicable; ensure timely, high-quality incident handoffs and remediation.

• Contribute metrics and reporting on vulnerabilities, incidents, and control effectiveness.

What you'll bring

• 3-5 years of hands-on experience in security engineering or operations within enterprise or financial services environments.

• Demonstrated experience with:

• File Integrity Management (FIM) concepts and tools.

• Vulnerability management scanning, prioritization, and remediation workflows.

• Configuration management and secure baseline enforcement (CIS/STIG).

• Incident response, evidence handling, and containment/eradication practices.

• Cloud security fundamentals and cloud incident response (AWS, Azure, and/or M365).

• Phishing response and email security controls.

• Malware triage, IOC development, and EDR/EPP tuning.

• Proficiency with SIEM/XDR/SOAR platforms and log analysis.

• Scripting/automation skills (PowerShell and/or Python) to improve efficiency and response.

• Strong communication skills; ability to translate technical risk for non-technical stakeholders and collaborate effectively with associates across teams.

Preferred qualifications

• Certifications such as Security+, CySA+, GSEC, GCIH, GCIA, GCED, Azure/AWS Security Specialty, or equivalent experience.

• Experience with tools such as Splunk/Microsoft Sentinel, CrowdStrike/Carbon Black, Sentinel 1, M365 Defender, Tenable/Qualys/Rapid7, Qualys/SolarWinds/Tripwire, GuardDuty/Defender for Cloud, and ServiceNow CMDB.

• Familiarity with zero trust principles, identity security (MFA, PAM, conditional access), and data protection (DLP, encryption, tokenization).

Work style and schedule

• Position is onsite only

• Participation in an on-call rotation is required.

Why First Horizon Bank

• Make a direct impact protecting our clients' trust and the resilience of our financial services.

• Join a collaborative security team focused on measurable outcomes, continuous improvement, and career growth.

About Us

First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank. More information is available at .

Benefit Highlights

• Medical with wellness incentives, dental, and vision

• HSA with company match

• Maternity and parental leave

• Tuition reimbursement

• Mentor program

• 401(k) with 6% match

• More -- FirstHorizon.com/First -Horizon-National- Corporation/Careers/Our -Benefits

Follow Us

Facebook

X formerly Twitter

LinkedIn

Instagram

YouTube

Job Tags

Monday to Friday

Similar Jobs