Principal-Cybersecurity at AT&T in St Louis, Missouri

Job Description:

Overall Purpose: This career step requires expert level experience. Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.

Key Roles and Responsibilities: Includes ideation, testing, proof of concept and support for various cyber related projects. Analysis, of complex security issues and the development and engineering activities to help mitigate risk. Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T's cyber security needs and that of our managed services teams. Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers. Applies measures to block malicious code and applications. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats, and enhance our mitigation techniques and technology solutions. Areas of work include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber business operations & support, cyber application development & testing, cyber operational support, cyber IoT planning & testing, cyber policy & requirements & standards.

These positions will be the lead network security architects and strategists within the ACC Enterprise Security Architecture organization responsible for transforming the legacy “Conexus” network into a modernized segmented network. Resources will focus on identity/posture technologies to develop a target architecture for the domestic and international networks.  The positions will work with our partner organizations in Labs, ITO Network, and GTO to develop and realize strategies to achieve the target state architecture.  The scope will impact all employees of the company and all business units.

The Principal – Cybersecurity position is the lead security architecture and strategy position within the CSO ACC Enterprise Security Architecture organization.

Responsibilities Include:

50% Interact with vendors to establish vendor capabilities and determines security applicability for the AT&T Communications Enterprise networks, servers and systems. Focus will include but not limited to Zero Trust strategies, network segmentation strategies, identity/risk/posture-based network security controls, and on-demand VPN solutions. Select strategic vendors to incorporate into the target state architecture. Develop strategies to incorporate these capabilities into the existing enterprise networks as these networks transform in response to other initiatives underway. Collaborates with resources in the transformation efforts (Cloud adoption, data center consolidation, future state workforce support) to Influence and support their long-term roadmaps incorporating their paths into the future state security architecture. strategy for the enterprise networks.     

35% Develop standards for deployment of the capabilities identified as target state architecture. Modify ASPR as necessary to address the changes in security controls being introduced. Develop operations/monitoring guides and work to develop the support capabilities within the various support organizations. Ensure that the appropriate hardening, logging, and account management controls are in place and maintained for new technologies introduced. Partner with the STORM/Threat management organizations to establish data feed/monitoring configurations to maximize the benefits of the new capabilities.

15% Research new security threats, trends, risks, and solutions that are critical to securing AT&T enterprise networks. Perform independent research, industry collaboration, and cross-organizational collaboration with LABS, GTO, Network and other CSO operations groups. Represent AT&T positions to internal and industry groups and suppliers, and coordinates security architecture activities with peers in CSO, IT and the business units.

Accreditation, Certification, or Licenses:

Certified Information Systems Security Professional (CISSP) and / or other security industry specific certifications.  Technology specific certifications, such as CISCO certifications (CCIE, CCNA, CCNP)

Training/Special Skills:

Expert level security architecture knowledge and experience supporting networking technologies, firewall solutions, identity management, threat detection/mitigation.  Strong knowledge of AT&T enterprise networks.  Extensive knowledge of cloud security practices and technologies.

Accreditation, Certification, or Licenses:

Must have Security/Network certifications (eg. CCNA/CCNP/CCIE/CISSP/CCSP/CISM) OR 7+ years of experience in Network/Network Security.

Certified Information Systems Security Professional (CISSP) and / or other security industry specific certifications.  Technology specific certifications, such as CISCO certifications (CCIE, CCNA, CCNP)

Must have had direct Firewall management experience 5+ years(design/implementation)

Must have 3+ years network/security design and capacity planning experience.

Training/Special Skills:

Expert level security architecture knowledge and experience supporting networking technologies, firewall solutions, identity management, threat detection/mitigation.  Strong knowledge of AT&T enterprise networks.  Extensive knowledge of cloud security practices and technologies.