Are you ready to make a difference in the world of Wireless Security? Then come join the team as T-Mobile's next Sr Manager, Cybersecurity - Vulnerability Management.
This Senior Manager, Cybersecurity leads the T-Mobile USA (TMUS) Vulnerability Management Team within the Cyber Defense organization. In this role, you will oversee a 247 function and teams comprised of full-time employee managers and individual contributors, managed services, and external partners. The functions you will lead include vulnerability scanning infrastructure and operations, penetration testing, responsible disclosure, bug bounty, vulnerability analysis and response services.
What you'll do in your role.
As T-Mobile's Vulnerability Management leader, you will:
Build and mentor high performing teams with a passion for creating positive culture founded on integrity and equity
Develop and implement the TMUS Vulnerability Management vision, strategy, road map, and operations playbooks in partnership with appropriate teams across technology and business units
Serve as the escalation point and executive liaison for major or high-profile vulnerability prevention and remediation, including validation of likelihood/impact, coordinating plans, facilitating information sharing, and reporting
Provide timely and relevant updates to appropriate leaders and decision makers
Manage third party contracts and engagements
Establish meaningful measures and metrics for team performance and SLAs/OLAs.
Apply demonstrated practical and management experience to optimization of processes and tools for vulnerability scanning, penetration testing, bug bounty, responsible disclosure and vulnerability response services.
Facilitate operational decisions to mobilize staff to triage and facilitate remediation and/or mitigation of externally discovered vulnerabilities
Enterprise Core Competencies:
Requires competency in vulnerability management, technical assessments with strong customer focus, change and innovation, strategic thinking, relationship building and influencing, talent management, results focus and inspirational leadership.
The experience you'll bring.
Minimum Requirements:
BA/BS in Engineering, Computer Science, Information Security, or Information Systems or equivalent work experience
7+ years in large enterprise Cyber Security Operations, with understanding of security fundamentals and common vulnerability frameworks, penetration testing leading practices, and practical experience leading responsible disclosure and/or bug bounty programs.
5+ years of technical experience, preferably with broad exposure to technologies related to wireless services, networking, and application development
3+ years managing a team of full-time direct reports, responsible for your team's employee development, performance evaluations and coaching
A deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments
Experience implementing and operating vulnerability scanning tools (i.e. Tenable, Qualys, etc.)
An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily-understood, authoritative, and actionable manner
Strong organizational skills with ability to handle multiple high visibility issues simultaneously
Experience with large scale and complex incidents of various types, such as Advanced Persistent Threats, DDoS, insider, web and mobile applications, data ex-filtration etc.
Extremely organized, with strong project and resources capacity management experience
Federal and industry regulations understanding (e.g. PCI, SOX, CPNI, ISO)
Fluent in common cybersecurity domains such as data protection, access control, encryption, identity management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence, risk assessments
Detail oriented, results driven, fast learner
Preferred:
Knowledge of MITRE ATT&CK and the cyber kill chain frameworks
Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
CISSP, CISM certifications
Additional Minimum Requirements:
At least 18 years of age
Legally authorized to work in the United States
High School Diploma or GED
T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work, unless precluded from doing so by applicable law. The CDC currently defines -fully vaccinated- as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination prior to successful applicant's first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable law.
Position details
Req ID: 193459BR
Department: Information Technology
Travel Required: No
