Sr Security Engineer - Vulnerability, Analysis and Response

Company: T-mobile
Location: Bellevue
Posted on: August 5, 2022

Job Description:

Be unstoppable with us!T-Mobile is synonymous with innovation-and you could be part of the team that disrupted an entire industry! We reinvented customer service, brought real 5G to the nation, and now we're shaping the future of technology in wireless and beyond. Our work is as exciting as it is rewarding, so consider the career opportunity below as your invitation to grow with us, make big things happen with us, above all, #BEYOU with us. Together, we won't stop!Are you ready to make a difference in the world of wireless security? Then come join the T-Mobile team as a Sr. Engineer, Cybersecurity - (Vulnerability Mgmt. Analysis and Response). The Sr Security Engineer will help ensure that our software, systems, and infrastructure are designed and implemented to the highest security standards. Performs technical security assessments, code reviews and vulnerability testing to highlight risk and remediate associated findings while helping T-Mobile teams and partners improve security. Works closely with other T-Mobile Engineers to design and build proactive methods to enhance our security posture. This position is responsible for overseeing auditing, analyzing, coordinating, and implementingsecurity measures to enhance security posture within mobile device, IoT device, enterprise line of business applications, cloud, big data, and core and carrier network technologies as well as other business units as needed. Collaborate with Security, Engineering & Operations Teams to address security vulnerabilities (to drive and support network security best practices). Perform detailed analysis to determine risk levels, associated with security concerns/vulnerabilities, and lead efforts to ensure a proper response is conducted; mitigating risk to ensure the Security of the T-Mobile Enterprise. Desired:

• 5+ years technical engineering experience
• At least 3 years' experience in performing vulnerability assessments, analysis, and response
• CISSP or closely related security certifications preferred
• Prior experience creating custom scripts to discover, fingerprint and detect ports/services as well as vulnerabilities/weaknesses using Python, Shell scripts, Nmap scripts, etc.
• In-depth experience supporting enterprise vulnerability management across IaaS, PaaS, and/or SaaS and mitigation techniques
• Firm understanding of Application vulnerabilities. Familiarity with vulnerabilities in Open Source and 3rd party libraries
• Basic knowledge of Security Frameworks such as NIST, HIPAA, PCI, GDPR, ISO 27001 27002
• Expert Knowledge of server hardening and best practices to ensure secure configurations. Also, an expert knowledge in vulnerabilities of various operating systems, databases, and networks
• Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP), etc.
• Strong knowledge of security control design and solution planning at the enterprise level.
• Able to work with minimal direction to determine solutions to cyber security concerns and issues
• Strong understanding of vulnerability management and security testing practices and methodologies including remote scans, credential scans, Agent based scans
• Understanding of networking concepts, network security architecture and common modern operating systems, including Windows, Mac OS X, Linux, Unix, and mobile device platforms including Android and iOS
  • Conduct vulnerability assessments at the network, operating system, database, and application levels
  • Consult with the scanning/detection team on custom scripts and detection methods to identify vulnerabilities when no automated identification method exists
  • Identifying the right combination of people, process, and technology to improve our detection capabilities (compensating controls)
  • Perform detailed Analysis to determine risk levels associated with security concerns/vulnerabilities, and lead efforts to ensure a proper response is conducted: to mitigate risk and ensure the Security of T-Mobile
  • Provide guidance/expertise in a wide range of security topics/issues including architecture, networking, server administration/operations, cloud, defense-in-depth
  • Drive Security projects. Expected to oversee/train other engineers as needed. Develops procedures to validate, enhance & optimize network. Creates validation tests & documents results. Able to prepare executive summaries and clearly communicate opportunities
  • Develops, designs, and implements new ideas which improve an existing and new system/process/service
  • Sense of urgency for critical security concerns
  • Ability and desire to work cooperatively with others on a team. Good communication skills a must Develop, maintain, and strengthen partnerships to provide information, assistance, and support. The ability to enhance others' commitment to their work*LI-KM3Minimum Requirements:
    • Bachelor's Degree in Computer Science, Information Technology, or related field from an accredited 4-year college or university, or related work experience
    • At least 18 years of age
    • Legally authorized to work in the United States
    • High School Diploma or GED
    • T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work, unless precluded from doing so by applicable law. The CDC currently defines 'fully vaccinated' as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination prior to successful applicant's first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable lawNever stop growing!T-Mobile doesn't have a corporate ladder-it's more like a jungle gym of possibilities! We love helping our employees grow in their careers, because it's that shared drive to aim high that drives our business and our culture forward.If you'd like to receive more information about careers at T-Mobile, sign up for the T-Mobile Talent Community today! T-Mobile USA, Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age, race, ethnicity, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, religious affiliation, marital status, citizenship status, veteran status, the presence of any physical or mental disability, or any other status or characteristic protected by federal, state, or local law. Discrimination, retaliation or harassment based upon any of these factors is wholly inconsistent with how we do business and will not be tolerated.Talent comes in all forms at the Un-carrier. If you are an individual with a disability and need reasonable accommodation at any point in the application or interview process, please let us know by emailing ApplicantAccommodation@t-mobile.com or calling 1-844-873-9500. Please note, this contact channel is not a means to apply for or inquire about a position and we are unable to respond to non-accommodation related requests.by Jobble

Keywords: T-mobile, Bellevue , Sr Security Engineer - Vulnerability, Analysis and Response, Engineering , Bellevue, Washington