At&T Chicago , IL 60602

Posted 2 months ago

Overall Purpose: This career step requires senior level experience.

Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.

Key Roles and Responsibilities:
Includes ideation, testing, proof of concept and support for various cyber related projects.

Analysis, of complex security issues and the development and engineering activities to help mitigate risk. Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T's cyber security needs and that of our managed services teams. Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers.

Applies measures to block malicious code and applications. Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats, and enhance our mitigation techniques and technology solutions. Areas of work include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber business operations & support, cyber application development & testing, cyber operational support, cyber IoT planning & testing, cyber policy & requirements & standards.

Summary of Work: (Please briefly describe the scope of work) This position is research developing SaaS providers and technologies. Primary responsibilities include assisting with the development of a centralized asset repository including design, development, testing, rollout, and subsequent monitoring of asset data quality to drive cybersecurity monitoring processes.

Tasks may include developing security requirements, building queries and other reports and creating test scripts to guarantee assets correlations required to assess security posture and drive downstream remediation workflow are maintained. This role will also provide direction and oversight on internal and external assessments required to meet contract cybersecurity requirements. Tasks may include monitoring of internal or external teams conducting these engagements to ensure adherence to testing expectation and managing engagement schedules and funding.

Required Skills:
Public Cloud, Business Orientation, Consulting Expertise, External Resource Management, Industry Knowledge, Network and Internet Security, Network Architecture, Network Operations, Network Performance Management, Network Technology Insertion, Process Management, Project Management,Quality Assurance and Testing, Quality Management, Regulatory Environment,Technical Excellence, Technology Advising, Technology Architecture; Software Development, Vulnerability Assessment

Desired Skills:
Conducting Security Assessments, Development of mitigating security controls, Self-motivated and results oriented. Ability to engage across cross-functional boundaries with a sense of urgency for problem resolution.

Job Contribution: Senior level technical expertise. Deep technical knowledge and subject matter expert on ATT technologies.

Education: Preferred bachelor's degree in information systems, Engineering, Mathematics or Cyber Security or equivalent experience.

Experience: Typically requires 5-8 years' experience. Technical Career Pathway (TCP) role.

Supervisory: No.

Job ID 2043081-2 Date posted 11/04/2020

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Principal Product Cybersecurity Integration Engineer Remote/Virtual

Johnson Controls, Inc.

Posted 4 days ago

VIEW JOBS 1/14/2021 12:00:00 AM 2021-04-14T00:00 What you will do * This is a remote/virtual position that will consider candidates located within the United States or Canada. The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise intelligent buildings and smart cities that connect communities in ways that make people's lives - and the world - better. In this career defining opportunity within the Global Product Security organization, you will be a hands-on leader of security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. You will lead efforts to build, deploy, maintain and continuously improve a fully integrated security tool chain that embeds security, privacy, and policy controls within the product development lifecycle. You will play a critical role in enhancing the developer and customer experience making cybersecurity and risk management a foundational component of the product development process. Through a combined skill set and proficiency in business analysis, software development, systems integration, DevOps and security, you will work to advance our product security maturity infusing best-in-class security tools across the full lifecycle of our products, platforms, and service offerings. How you will do it * Utilize system integration and DevOps best practices in leading hands-on technical expertise for the design, development, deployment and adoption of an integrated security tool chain. * Understand overall security program policies and standards, and associated governance, risk and compliance in identifying and evaluating security tool integration and automation needs within and across business units, including sales channels and field engineering. * Guide security tool integration and automation strategies and roadmaps. * Provide subject matter expertise in developing solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration and adoption of the integrated security tool chain. * Engage with global product security stakeholders to advance security governance, risk, and compliance, security engineering and innovation, security operations and incident response that promote software risk reduction and business success. * Design hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions. * Collaborate with stakeholders to capture and understand tool data composition, storage, accessibility and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation. * Apply effective data management principles and techniques in designing and developing secure, reliable, responsive integrated security tool chain data stores. Implement secure data connections and flow automation for each security tool introduced into the tool chain. * Establish workflow and automated processes within the integrated security tool chain to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends. * Work with product security marketing and communications to develop communication plans in regard to awareness, training, rollout and adoption of product security tools and automation. * Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process. * Assist in cybersecurity risk and technology assessment(s) of M&A opportunities. * Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting. Establish data feeds for advanced analytics and customization. * Champion continuous improvement through ingenuity, creativity and innovative thinking. What we look for Required * Technical and operational excellence, thought leadership, integrative and innovative thinking. * Self-starter highly motivated to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain. * Experience in integrating diverse, complex software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems. * Proven ability to capture functional concepts and requirements and apply them to architecting integrated solutions and technical designs. * Strong ability to influence people and drive consensus, especially from other organizations. * Product development and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations. * Solid understanding of software security governance, risk and compliance activities i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models. * Experience with Continuous Integration, testing and Continuous Deployment technologies and the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt. * Understanding of cloud, embedded, web and mobile platforms and associated architectures. * Knowledge of current software security threats, attack vectors, Common Vulnerabilities and Enumerations, along with the associated secure development practices. * Experience in the use of application security tools for security requirements, design, development, testing, deployment and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.) * Extensive understanding and experience in API development. * Exceptional problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues. * Data management experience preferably at the enterprise level. * Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA.) * Excellent interpersonal, organizational, written/verbal communication, and presentation skills. * Ability to provide consulting, mentorship and training at the technical level. * Ability to build trust with stakeholders and explain tool configuration/setup, interoperability and automation security topics to all audiences. * Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable a plus. * Bachelor's degree in Computer Science, Engineering, Information Systems, Cybersecurity or related technical degree. Master's degree preferred. * CISSP, CSSLP, CCSP or related security and PMP project management certifications are a plus. * Minimum of 14 years of experience; at least 7 years in software development and cybersecurity. * Travel is occasional at approximately 10%; including international. Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit Johnson Controls, Inc. Chicago IL