This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
At T-Mobile, we invest in YOU! Our Total Rewards Package ensures that employees get the same big love we give our customers. All team members receive a competitive base salary and compensation package - this is Total Rewards. Employees enjoy multiple wealth-building opportunities through our annual stock grant, employee stock purchase plan, 401(k), and access to free, year-round money coaches. That’s how we’re UNSTOPPABLE for our employees! T-Mobile is America’s supercharged Un-carrier, delivering an advanced 4G LTE and transformative nationwide 5G network that will offer reliable connectivity for all. Sr. Engineers, Cybersecurity is located in Overland Park, KS will lead security, compliance, and risk assessments on projects throughout project lifecycle.
Job Responsibility
Improve process efficiency by creating and implementing creative and sustainable changes to existing deployment methodologies
Lead the identification of security needs & recommends plans/resolutions
Implements, tests & monitors info security improvements
Maintain visibility inside & outside of information security at the People management level
Interfaces with groups such as application support, engineering ops, finance, privacy, risk management, etc
Lead information security policy lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication & maintenance
Execute security projects driven by groups both internal and external to info security
Mentor peers and junior team members in security technologies, enterprise solution design and facilitation and effective customer interaction
Act as Subject Matter Expert in multiple facets of network & information security, including Firewall policy design, SSL Certificate management, vulnerability analysis & mitigation, and other topics as assigned
Lead the design and integration of IP/Security solutions within wireless network architectures, ensuring alignment with advanced cybersecurity standards and best practices
Analyze core technologies to identify threats and risks, and create detailed threat models outlining trust boundaries, threat agents, attack vectors, and safeguards to protect individuals, assets, data, and the T-Mobile brand
Requirements
Master’s degree in Computer Science, Information Technology, or related field, and 3 years of relevant work experience
Bachelor’s degree in Computer Science, Information Technology, or related field, and 5 years of relevant work experience
Managing and configuring Web Application Firewall (WAF) using Akamai and Imperva WAF to secure business-critical web applications against Open Web Application Security Project (OWASP) Top 10 vulnerabilities, Distributed Denial of Service (DDoS) attacks, volumetric attacks and other cyber threats
Monitoring realtime traffic patterns to identify anomalies and Advanced Persistent Threat (APT) with Akamai Web Security Analytics and iteratively fine-tuning WAF security configurations to minimize false positives while enhancing both performance and security
Performing security assessment using Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP) and Software Composition Analysis (SCA) through Burp Suite, ZAP, Postman, SonarQube, Contrast Security and OWASP Dependency-Check
Conducting mobile application security assessments by performing threat modeling using OWASP Mobile Application Security Verification Standard (MASVS) to uncover security flaws utilizing Mobile Security Framework (MobSF), NowSecure Platform, Frida, Android Studio and JADX
Managing cybersecurity platforms HackerOne and Bugcrowd, including setting up the program policies and scope, handling bug triage, validation, severity assessment via the Common Vulnerability Scoring System (CVSS) and overseeing bounty payments
Developing automation scripts on demand to streamline security processes related to WAF management and vulnerability detection using Bash, Go, Python, PHP, HTML and Postman
Implementing threat modeling techniques, including STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, CAPEC, Mobile Application threat models, Cyber Threat Tree, or data flow diagrams to identify, assess and reduce security risks