Sr Engineer – Cybersecurity – Cyber Operations Process & Analytics
| Company | T-Mobile |
|---|---|
| Location | Frisco, TX, USA, Reston, VA, USA, Bellevue, WA, USA, Overland Park, KS, USA |
| Salary | $103400 – $186400 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |
Requirements
- Bachelor’s Degree in Computer Science or Information Technology or equivalent work experience
- 4-7 years of experience in info security technology or related field
- Experience with incident handling for security breaches
- Expert in security subject areas
- 2-4 years of technical project management
- Experience with high level design architecture, security technologies, networking, web services and SOA
- Understanding of encryption, obfuscation, tokenization technologies
- Medium to advanced knowledge of scripting tools (Python/Perl/Shell/HTML/PHP)
- Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI
- Familiarity with load balancers (ex – A10, F5), firewalls (ex – CheckPoint), Venafi, MDM (ex – Mobile Iron), Cloud (ex – AWS, Azure), Malware Protection (ex -FireEye), Advanced Persistent Threats (ex – Damballa), Privileged Accounts (ex – CyberArk), SIEM (ex – ArcSight), Log & Event (ex – Splunk), Intrusion IDS/IPS (ex – Symantec), Cloud Platform (ex – PCF, Docker), Scanning (ex – Qualys), AppSec (ex – Veracode)
- Solid understanding of T-Mobile’s network elements and how they work together (EIT, Engineering & 3rd Party)
- Strong presentation skills to large and small audiences
- In-depth knowledge of security standard processes in large-scale environments
- Strong problem solving / troubleshooting skills
- Dedicated and able to work under timelines
- Strong verbal and communication skills with diverse multi-functional groups & the ability to communicate effectively to small & large groups
- Knowledge of information security policies and regulatory controls (per team function)
- Demonstrable knowledge of current technological trends and developments in the area of info security
- Ability to plan, organize and prioritize tasks to complete independently; Ability to work under stress and meet tight timelines
- Authority in many facets of network & information security, including Firewall policy design, SSL Certificate management, vulnerability analysis & mitigation, and other topics as assigned.
Responsibilities
- Leads security, compliance, and risk assessments on projects throughout project lifecycle.
- Improves process efficiency by creating and implementing creative and sustainable changes to existing deployment methodologies.
- Leads the identification of security needs & recommends plans/resolutions.
- Implements, tests & monitors info security improvements.
- Maintains transparency inside & outside of information security at the People management level.
- Communicates with groups such as application support, engineering ops, finance, privacy, risk management, etc.
- Leads information security policy lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication & maintenance.
- Implements security projects driven by groups both internal and external to info security.
- Mentors peers and junior team members in security technologies, enterprise solution design and facilitation and effective customer interaction.
- Experience with implementation of various threat modeling approaches pertaining to one or more of the following STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, CAPEC, Mobile Application threat model, Cyber Threat Tree, and data flow diagram.
- Authority in multiple facets of network & information security, including Firewall policy design, SSL Certificate management, vulnerability analysis & mitigation, and other topics as assigned.
- Sophisticated understanding of IP/Security solutions & technologies applicable to the Wireless Network Architecture.
- Experience with the analysis of underlying technologies that form the solution vital for the application of threat identification, analysis, and thread model design.
- The threat model depicts trust boundary, threat agent(s), threat vector(s), and safeguard(s) necessary to protect person, asset, data, and T-Mobile brand.
- Also responsible for other Duties/Projects as assigned by business management as needed.
Preferred Qualifications
- Certified Information Systems Security Professional (CISSP) CISSP and/or CCSK and/or CCSP and/or CISA/CISM certification a plus (Preferred)
- Certified Information Security Manager (CISM) (Preferred)
- Certified Information Systems Auditor (CISA) (Preferred)