Principal-Cybersecurity at AT&T in Bedminster, New Jersey

Job Description:

Overall Purpose: This career step requires expert level experience. Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.

Key Roles and Responsibilities: Includes ideation, testing, proof of concept and support for various cyber related projects. Analysis, of complex security issues and the development and engineering activities to help mitigate risk. Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T's cyber security needs and that of our managed services teams. Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers. Applies measures to block malicious code and applications. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats, and enhance our mitigation techniques and technology solutions. Areas of work include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber business operations & support, cyber application development & testing, cyber operational support, cyber IoT planning & testing, cyber policy & requirements & standards.

The SOAR Engineer will be responsible for developing and implementing integrations to automate SOC processes and procedures. This will include writing scripts, working with APIs, and developing playbooks. The Security Engineer will work closely with the SOC to determine requirements and priorities.

The SOAR engineer will need to evaluate the current processes and then work to determine the best and most effective way to automate and streamline the workflow. The engineer will need to determine the best programming language be used for each automation, as well as the best and most effective way to integrate multiple security tools within the orchestration platform.

Responsibilities Include:

Development • Automate AT&T’s Security Operations Center processes and procedures providing analysts the ability to investigate, respond and close security events from the orchestration platform. The security engineer will accomplish this by integrating the SOAR platform with other security tools and APIs to execute automated workflows. • Write, test, and maintain automation scripts/workflows within SOAR platform. Author and maintain documentation for all scripts, integrations, and workflows. • Design, implement, and maintain efficient and reusable Python code or other programming language. • Review, debug, and resolve technical issues throughout all stages of SDLC. • Assist with playbook improvement by taking current SOAR playbooks and integrations and reviewing for effectiveness and modify as necessary. • Coordinate with appropriate business units to provision needed service accounts and permissions. • Interact with all levels of employees across the company in a professional manner.

Coordination with Security Operations Center and Incident Response Teams • Coordinate with SOC/IR leadership to gather their SOAR requirements and priorities. • Coordinate with SOC/IR teams to review in development integrations/workflows/scripts to ensure meeting expectations • Implement technical modifications to integration, script, workflow based on feedback from SOC/IR.

Training/Special Skills:

Experience with SOAR platforms, ie. Demisto/XSOAR, Phantom, Resilient Proficient in Python or Java scripting Experience working with regular expressions Working knowledge of REST APIs, JSON Experience working in a security operations center a plus Understanding of SOC processes and workflows Experience with other security tools, i.e. EDR, SIEM a plus

Job Contribution: Expert level technical professional. Advisor on technical knowledge and ATT technologies.

Education: Preferred Bachelors degree in Information Systems, Engineering, Mathematics or Cyber Security or equivalent experience.

Experience: Typically requires 8-10 years experience. Technical Career Pathway (TCP) role.

Supervisory: No.