Job Description
The Senior Security Engineer is a key member of the 24×7 Cyber Security Operations Center (CSOC), responding to real-time alerts and incidents in order to contain and mitigate risk to T-Mobile’s systems, services and information assets. This is a high-profile, fast-paced role that interfaces across the entire company and at all levels of the organization.
Responsibilities
The role of a CSOC Senior Security Engineer is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures, specifically:
- Perform incident handling and response for escalated incidents from Level 1-2 in collaboration with partner teams
- Assist in the development of new security operations processes as well as the refinement or improvement of existing processes
- Provide input to existing use cases and lead design of new use cases
- Perform and lead hunting activities using environmental telemetry and the kill chain framework
- Design automation workflows and capabilities in support of data collection, investigations, and incident response
- Maintain CSOC shift logs with relevant activity from current shift
- Update CSOC knowledge management repository as necessary for changes to CSOC processes and procedures, and ingest CSOC daily intelligence reports and previous shift pass-downs
- Collect and organize alert, event and triage data to produce reports to provide feedback to existing content, inform new content, and measure relevant KPIs
- Utilize threat intelligence indicators of compromise to scope and respond proactively to emerging threats
Qualifications
Minimum Education Level: Bachelor's
Minimum Required
- US Citizenship required
- 5+ years of experience as a SOC or Incident Response investigator or equivalent work experience
- 2-4 years of technical project management
- Expert understanding of security incident investigation techniques and log analysis procedures
- Strong experience investigating enterprise cyber security incidents, threats, and vulnerabilities
- Demonstrable knowledge of networking (TCP/IP, topology, OSI model and network forensics), operating systems (Windows/MacOS/Linux), and web technologies (web applications, database security, web servers)
- Ability to plan, organize and prioritize tasks to complete independently; ability to meet tight timelines
- High degree of attention to detail
- Strong verbal & written communication skills with diverse multi-functional groups & the ability to present effectively to small & large groups
Desired
- Experience supporting Cyber Security Operations in a large enterprise environment
- Experience with SIEM & Log Management solutions
- Experience with cloud security, telecom security, data protection
- Experience with enterprise systems or network administration
- SANS GCIA, GCFA, GCIH or other related security certifications
Minimum Required Education
- Bachelor’s Degree in Computer Science, Information Technology, or equivalent work experience
- Course work in Cyber Security is strongly preferred
General/Physical Requirements
- Must sit for extended periods of time. Extensive computer and telephone utilization.
- Shift work in a 24×7 Cyber Security Operations Center
- Participation in on-call rotation will be required
Posted: December 27, 2020