Sr Engineer - Penetration Testing
Are you ready to make a difference in the world of cybersecurity? Then come join the T-Mobile team as a Sr. Engineer, Penetration Testing!
As a member of the Cybersecurity Trust and Protection's Penetration Testing team, the Sr. Engineer will focus on leading, scoping, and executing penetration test activities, bug bounty and responsible disclosure.
This is a hands-on penetration tester role; candidate must have a strong understanding and proven track of penetration testing. Candidate must have excellent interpersonal skills to work with technical subject matter experts and be able to communicate technical concepts to a non-technical audience.
What you'll do in your role.
Conduct formal security tests on web-based applications, infrastructure, APIs, mobile applications, and other types of computer systems on a regular basis using both manual and automated testing
Serve as a SME for pen test engagements
Help review and assign bug bounty and responsible disclosure submissions
Drive technical discussions around identified vulnerabilities, associated risk, and remediation options
Identify and execute attacker TTP in safely manner
Communicate technical vulnerabilities and remediation steps to developers and management
Investigate potential vulnerabilities reported by 3rd party security researchers
Build and manage relationships with peer, and partner organizations
Provide timely and relevant updates to the appropriate leaders and decision makers
Collaborate with other teams to develop and maintain security testing toolsets
Stay current with latest in the penetration testing methodologies and information security concepts
Enable stakeholder and customer satisfaction throughout the penetration testing lifecycle
Stay current with latest in the penetration testing methodologies and information security concepts
The experience you'll bring.
Desired :
5+ years' experience with increasing responsibility within the security organization of a large enterprise.
1+ years' experience leading projects or engagements.
Strong knowledge of tools utilized for pen testing different type of assets
Experience with penetration testing methodologies, vulnerability risk calculation and tools.
Experience with discussing technical items with technical and non-technical audience.
Knowledge of the IT technology stack and ability to interface the network, technology, application, and business representatives.
Understanding of information security and cloud (AWS/Azure/GCP) concepts.
Ability to understand network diagrams/architecture.
Excellent verbal and written communication skills.
Strong analytical problem solver.
Highly Preferred:
Experience in penetration testing enterprise systems or products.
Knowledge of OWASP and Mitre ATT&CK.
Certified Information Systems Security Professional (CISSP) or similar certification.
knowledge of federal & compliance regulations.
Available to work after normal business hours in exception cases.
*LI-KM3
Bachelor's Degree in Computer Science/Information Technology or equivalent work experience
A U.S. Citizen or a permanent resident of the United States
At least 18 years of age
Legally authorized to work in the United States
T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work, unless precluded from doing so by applicable law. The CDC currently defines -fully vaccinated- as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination prior to successful applicant's first day of work, and will consider requests for exemption from this requirement during the offer phase (1) as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others, or (2) for other reasons under applicable law.
Position details
Req ID: 193840BR
Department: Engineering
Travel Required: No
