This job listing has expired and the position may no longer be open for hire.

Senior-Technology Security at AT&T

Posted in Other 30+ days ago.

Location: Bedminster, New Jersey





Job Description:

At AT&T, we push the boundaries of innovation, bringing the world together in unimaginable ways.  As technology is further integrated into all aspects of our lives, protecting and securing our data is now more important than ever. Our Software Engineering teams are dedicated to building innovative and secure solutions to protect what’s important to our customers and employees. From enabling better security to designing and implementing process automation, here’s your chance to bring proactive solutions to our rapidly changing industry. 

Our Flex Force team at AT&T is the largest and fastest growing organization in Technology Development. We invest in our most valuable resource, our people, to drive mission critical software delivery efforts for our business partners across AT&T.  Whether building out our 5G software defined network, transforming an advertising business, analyzing data to predict network performance, improving our world class digital experiences for Mobility, or driving our Entertainment business to an over the top model, AT&T and Flex Force is leading the way. 

The Security and Resiliency Engineering team is seeking Security Engineers to develop and implement a world-class security maturity model and systematic penetration testing process for large scale/complex systems.  This would consist of developing threat models and publishing remediation and mitigation patterns for common vulnerabilities.  The candidate would have to quickly come up to speed on applications, so that they can define and preform penetration testing, complete threat modeling and make recommendations to close the security gaps identified.  The candidate would have to consult with the application team to ensure understanding of the recommendations and remediation techniques.  The candidate would have to effectively communication with executive management on aggregate threats and remediation plans which require urgent closure.  

The qualified candidate must be a self-starter, customer-focused, team player, and be able to coordinate and collaborate on multiple issues simultaneously with many stakeholders. 

Key Roles and Responsibilities

  • Understand the existing industry security taxonomy and be able to leverage and build from it to optimize to ATTs complexity and scale.
  • Be able to define risks, rate the risks and make recommendations as to how to mitigate risks leveraging a combination of industry risk scoring tools and ATTs unique risk assessment score.
  • Be able to autonomously structure, execute, interpret, facilitate and report on penetration testing with the goal of driving recommendations to close the most critical vulnerabilities.
  • Develop amalgamated patterns that will be used to address complex system vulnerabilities.
  • Partner with other architecture and security teams and stakeholders to develop security road map.
  • Be able to understand and assess many different application security situations and understand how they comply or deviate from the standardized security model.
  • Contribute to the development of security training for developers and application management teams.
  • Refine the security component of a DevSecOps tactical dashboard
  • Successful candidates yearn to dig in to understand problems and then propose solutions. Above all, the role requires someone with the drive to learn new things and always go above and beyond what is required
Requirements
  • Bachelors degree preferably in Computer Science or related technology
  • Software development experience with strong knowledge and experience in security  
  • Communicate and collaborate among different application teams
  • Quickly understand application structure when doing a security review
  • Self-starter willing to define the role to meet the needs of an ever changing security portfolio
  • Penetration Testing development and execution
  • Threat Models development and auditing
  • Risk scoring methods and tools
  • Security maturity model enhancement and auditing
  • Log management tools such as ELK and Splunk
  • SAST And DAST security tools use and analysis
  • CWE and CVE structure and use
  • OWASP and SANS mission as it applies to the industry
  • NIST mission as it applies to the industry
  • Infrastructure knowledge (internal network, Database, Cloud etc.) with regard to platform penetration testing and threat modeling.