AT&T Principal-Cybersecurity in Trenton, New Jersey
Overall Purpose: This career step requires expert level experience. Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.
Key Roles and Responsibilities: Includes ideation, testing, proof of concept and support for various cyber related projects. Analysis, of complex security issues and the development and engineering activities to help mitigate risk. Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T's cyber security needs and that of our managed services teams. Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers. Applies measures to block malicious code and applications. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats and enhance our mitigation techniques and technology solutions. Areas of work include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber business operations & support, cyber application development & testing, cyber operational support, cyber IoT planning & testing, cyber policy & requirements & standards.
This position's primary focus will be on securing Mobility and Purpose-Built Applications and will provide end to end security for a variety of large-scale, large-impact projects including Emerging Devices, Mobility, Cloud Computing, Video/Entertainment, IoT, Connected Car and Connected Home. As a member of the Data and Information Protection Security organization, the Principal-Cybersecurity will provide the following support associated with these initiatives: Security Design/Integration and Planning/Strategy, Application Security Design/Assessments, Security Research/Design and Security Testing and Prototyping, Security Risk Assessment/Management. In addition, the Principal-Cybersecurity will contribute toward the organization’s strong drive in the area of technology innovation through the generation of patentable ideas.
Required Skills: BS in EE, Computer Science, Systems Engineering, Mathematics or equivalent degree; Strong analytical skills; Experience with requirements generation; Ability to understand and troubleshoot test security solutions; Experience with problem determination, resolution, root cause analysis; Experience in security models and architecture. Working knowledge of Security Management Practices including Risk Management, Policies and Procedures, Information Classification, Roles and Responsibilities and Information Security Awareness. Understanding of Internet security threats and mitigation techniques. Strong technical writing skills; Good written and verbal communication skills
Desired Skills: Mobile app development on iOS, Android; Mobile app testing, static analysis tools, dynamic analysis tools; Experience conducting mobile application/network security assessments, security research, reverse engineering. Experience rooting/jailbreaking mobile devices. Working knowledge/experience of ServiceNow platform, Frida; Understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.; Proficient Microsoft Office experience including Visio or other diagramming / documenting tool; Familiarity with any of the following program languages to assist in assessment of application security architectures is a plus: Java, C/C++, Objective C, C Sharp, HTML5, .NET, Brightscript, Unity, IIS Web Server, SQL Server, Oracle VB, Unix Scripts, Perl, XML or UML, Python; Basic knowledge of command line interfaces or scripting tools, script/develop to scale automatable tasks; Understanding of the Software Development Lifecycle, Agile; Platform security skills in Unix/Linux, Window/Intel; Understanding of mobile device platforms, supporting infrastructure and management systems; Data network and traffic analysis experience including packet captures and proxies; Firewalls, Intrusion Detection Service, Intrusion Prevention Service, URL/Content screening, Anti-Virus, Anti-Spam, VLANS, Network Address Translation, and Virtual Private Networks; Understanding of Public Key Infrastructure, Encryption and Digital Rights Management; Knowledge of Routing Protocols, multicast routing and MPLS; Working knowledge of digital TV related standards such as MPEG, ATSC and IPTV; Video over IP, Voice over IP experience is a plus; security consulting experience; Experience with creation of metrics/dashboard type tools; Security certifications such as CISSP, OSCP, CEH, GIAC.
Job Contribution: Expert level technical professional. Advisor on technical knowledge and ATT technologies.
Education: Preferred Bachelors degree in Information Systems, Engineering, Mathematics or Cyber Security or equivalent experience.
Experience: Typically requires 8-10 years experience. Technical Career Pathway (TCP) role.
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.