Principal Engineer - Penetration Testing
Are you ready to make a difference in the world of cybersecurity? Then come join the T-Mobile team as a Principal Engineer, Penetration Testing!
As a member of the Cybersecurity Trust and Protection's Penetration Testing team, the Pr. Engineer will focus on leading, scoping, and executing penetration test activities, bug bounty and responsible disclosure.
This is a hands-on penetration tester role; the candidate must have a strong understanding of, and a proven track record in, penetration testing. The candidate must have excellent interpersonal skills to work with technical subject matter experts and be able to communicate technical concepts to a non-technical audience.
What you'll do in your role.
Lead and conduct formal security tests on web-based applications, infrastructure, APIs, mobile applications, and other types of computer systems on a regular basis using both manual and automated testing
Serve as a SME for complex pen test engagements
Identify and execute attacker TTPs in a safe manner
Manage relationships and quality expectations with our vendor partners
Develop and contribute to existing ethical hacking methodologies and procedures
Collaborate with other teams to develop and maintain security testing toolsets
Communicate technical vulnerabilities and remediation steps to developers and management
Drive solutions that are consistent with scope
Support the development of secure SDLC methodologies
Develop and mentor junior team members
Enable stakeholder and customer satisfaction throughout the penetration testing lifecycle
Anticipate and champion needed communication to the team, key customers, and partner teams
Escalate issues in a timely manner, objectively, and with sensitivity to team dynamics
Investigate potential vulnerabilities reported by 3rd party security researchers
Provide a high standard of reporting that includes KPIs (measures & measurements)
Communicate potential risk and risk treatment options to business owners
Proactively identify opportunities for improving enterprise processes and work with the business leaders to prioritize opportunities
Stay current with the latest penetration testing methodologies and information security concepts
The experience you'll bring.
Desired:
7+ years' experience with penetration testing enterprise systems or products and increasing responsibility within the security organization.
Proven abilities in leading and directing teams.
3+ years' experience leading projects or teams.
Strong knowledge of tools utilized for pen testing different types of assets
Define, maintain, and execute on a plan that is in line with our company strategy.
Experience with penetration testing, vulnerability risk calculation and tools.
Ability to effectively facilitate meetings with project team members, various business groups and senior leadership.
Ability to interact and communicate professionally with all levels of staff and management as required to coordinate project deliverables, deliver status reports, and facilitate meetings.
Ability to present persuasively and effectively to executives.
Ability to effectively manage time, prioritize work, and multi-task across several pen test assignments.
Knowledge of the IT technology stack and ability to interface with the network, technology, application, and business representatives.
In-depth knowledge of cloud security (AWS/Azure/GCP).
Ability to understand network diagrams/architecture.
Excellent verbal and written communication skills.
Strong analytical problem solver.
Preferred:
In-depth knowledge of OWASP and MITRE ATT&CK.
Knowledge of federal & compliance regulations.
Background with languages such as C, C++, C#, Java, J2EE, AngularJS
Vulnerability and Risk Management experience
Compliance and security framework experience, e.g., PCI, SOX, NIST, ISO
Experience with automated tools, e.g., Appscan, Fortify, Appscan Source, Burp Suite, Qualys, Nessus, Kali Linux
Ability to follow established policies and procedures.
Available to work after normal business hours in exception cases.
Bachelor's Degree in Computer Science/Information Technology or equivalent work experience
A U.S. Citizen or a permanent resident of the United States
At least 18 years of age
Legally authorized to work in the United States
T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work, unless precluded from doing so by applicable law. The CDC currently defines "fully vaccinated" as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination prior to successful applicant's first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable law.
Position details
Req ID: 193839BR
Department: Engineering
Travel Required: No