Sr. Engineer, Cybersecurity

Job Description

The Senior Security Engineer is a key member of the 24×7 Cyber Security Operations Center (CSOC); responding to real-time alerts and incidents in order to contain and mitigate risk to T-Mobile’s systems, services and information assets. This is a high profile, fast-paced role that interfaces across the entire company and at all levels of the organization.

Responsibilities

The role of a CSOC Senior Security Engineer is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures, specifically:

  • Perform incident handling and response for escalated incidents from Level 1-2 in collaboration with partner teams
  • Assist in the development of new security operations processes as well as the refinement or improvement of existing processes
  • Provide input to existing use cases and lead design of new use cases
  • Perform and lead hunting activities using environmental telemetry and the kill chain framework
  • Design automation workflows and capabilities in support of data collection, investigations, and incident response
  • Maintain CSOC shift logs with relevant activity from current shift
  • Update CSOC knowledge management repository as necessary for changes to CSOC processes and procedures and ingest
  • CSOC daily intelligence reports and previous shift pass downs
  • Collect and organize alert, event and triage data to produce reports to provide feedback to existing content, inform new content, and measure relevant KPIs
  • Utilize threat intelligence indicators of compromise to scope and respond proactively to emerging threats

Qualifications

Minimum Education Level: Bachelor's

Minimum Required

  • US Citizenship required
  • 5+ years of experience as a SOC or Incident Response investigator or equivalent work experience
  • 2-4 years of technical project management
  • Expert understanding of security incident investigation techniques and log analysis procedures
  • Strong experience investigating enterprise cyber security incidents, threats, and vulnerabilities
  • Demonstrable knowledge of networking (TCP/IP, topology, OSI model and network forensics), operating systems (Windows/MacOS/Linux), and web technologies (web applications, database security, web servers)
  • Ability to plan, organize and prioritize tasks to complete independently; Ability to meet tight timelines
  • High degree of attention to detail
  • Strong verbal & written communication skills with diverse multi-functional groups & the ability to present effectively to small & large groups

Desired

  • Experience supporting Cyber Security Operations in a large enterprise environment
  • Experience with SIEM & Log Management solutions
  • Experience with cloud security, telecom security, data protection
  • Experience with enterprise systems or network administration
  • SANS GCIA, GCFA, GCIH or other related security certifications

Minimum Required Education

  • Bachelor’s Degree in Computer Science, Information Technology, or equivalent work experience
  • Course work in Cyber Security is strongly preferred

General/Physical Requirements

  • Must sit for extended periods of time. Extensive computer and telephone utilization.
  • Shift work in a 24×7 Cyber Security Operations Center
  • Participation in on-call rotation will be required
Posted: December 27, 2020
<< Back to Job-Board