Overall Purpose: This career step requires intermediate level experience. Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.
Key Roles and Responsibilities: Includes ideation, testing, proof of concept and support for various cyber related projects. Analysis, of complex security issues and the development and engineering activities to help mitigate risk. Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T’s cyber security needs and that of our managed services teams. Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers. Applies measures to block malicious code and applications. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats, and enhance our mitigation techniques and technology solutions. Areas of work include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber business operations & support, cyber application development & testing, cyber operational support, cyber IoT planning & testing, cyber policy & requirements & standards.
Summary of Work: This position will be responsible for gathering and translating business requirements from Public Cloud, Network Cloud, and other teams into technical details that the Milestone 0 team can develop from. Since Milestone 0 provides application teams tailored security solution architectures driven by policy requirements, application characteristics, and deployment environments, the resource is expected to have an interest in learning and championing security to all applications. In addition to gathering requirements, the resource will also be responsible for testing the application. Other responsibilities include writing test plans and validating requirements once in the development and prod environment. This role is expected to have previous experience with the software development lifecycle and strong knowledge of Agile practices. Additionally, this position will be responsible for managing the data for the Milestone 0 platform and expected to have strong interest/knowledge in information security. Milestone 0 provides application teams tailored security solution architectures driven by policy requirements, application characteristics, and deployment environments. A major goal of Jeremy Legg’s transformation initiative is to take the combined policy bases of WM and AT&T called one security policy and requirements (1 SPR) and integrate it into M0. Primary responsibilities would be to read, analyze, and categorize the new policy base as feasible input for Milestone 0. In addition to managing the categorization and upkeep of the policy data, this position will be responsible for determining the proper security tools to satisfy the security requirement. Other responsibilities entail periodic review of policy and security tooling as well as incorporation of other policies such as First Net’s J10 and the Unified Compliance Framework that maps to numerous external security policy sources.