Are you ready to make a difference in the world of wireless security? Then come join the T-Mobile team as an Engineer, Cybersecurity - Vuln Mgmt Compliance Scanning!
The Team:
This position is an individual contributor role reporting to the Manager of Vulnerability Management.
Our Vulnerability Management team is in the business of trust and reliability. We create and maintain the Scanning Infrastructure & Operations function within the Vulnerability Management organization, a team comprised of full-time employee individual contributors, managed services, and external partners. The functions include operating and maintaining T-Mobile's vulnerability scanning infrastructure, as well as assisting vulnerability response and remediation tasks with partner and vendor teams.
What you'll do in your role.
Responsibilities:
Evaluate control effectiveness and provide input to establish plans of action for remediation of risk
Provide backup support for coordination of vulnerability remediation activities
Interface regularly with external customers for continuous monitoring program reviews
Manage Policy Compliance scans by gathering logistics across product environments and tracking remediation of findings
Assist in the automation of compliance scanning and assessment functions
Integrate telemetry from various source systems (technical assessment tools, inventory and configuration management systems) to measure Vulnerability Management program effectiveness and control gaps
Break down problems to re-engineer processes. Provide direction to others to design solutions to automate capabilities
Maintain expert knowledge of Vulnerability Management products/services, industry/regulatory standards, Vulnerability Management requirements and assessments
Align with the Trust and Security initiatives that drive scale and operational excellence
Maintain strong relationships based on trust and transparency with primary stakeholders
Establish automated audit policies (CIS/STIG) based on defined baselines, including custom STIG policies
Negotiate appropriate trade-offs and ensure clear accountability, targets, timelines and deliverables for each major initiative
The experience you'll bring.
Basic Qualifications:
Cybersecurity or IT BS degree or equivalent work experience
4+ years of industry experience
Experience in establishing and managing Continuous Monitoring programs for FedRAMP, IL4
Experience in establishing and managing PCI compliance technical assessments (ASV, Pen Tests, Segmentation testing) and coordinating remediation efforts to demonstrate compliance
Experience mapping compliance requirements to technical controls
Experience with industry scan tools to provide assessment evidence related to control requirements (Nessus, Rapid7, Nmap)
Demonstrated knowledge of technical security controls and how they apply to on-premises, segmented, and cloud environments
Understanding of network and operational processes to drive scalable architecture and workflow solutions
Perform risk assessments using a variety of tools and processes (Threat Intelligence, Exploit Analysis, Threat Modeling, Nessus Scanners, Container Security Tools, Cloud telemetry)
Experience with cloud solutions (i.e., AWS, Azure, GCP)
Preferred Qualifications:
BS in Computer Science or CISM/CISSP
3+ years of Cybersecurity industry experience at enterprise scale
Comfortable with ambiguity and fast change with an ability to adapt as needed
Bachelor's degree in Computer Science, Cybersecurity or related degree, or equivalent experience
At least 18 years of age
Legally authorized to work in the United States
High School Diploma or GED
T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work, unless precluded from doing so by applicable law. The CDC currently defines "fully vaccinated" as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination prior to the successful applicant's first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable law.
Position details
Req ID: 193849BR
Department: Engineering
Travel Required: No