Kansas Works Veterans Jobs


T-Mobile Principal CIRT Engineer, Cybersecurity in Overland Park, Kansas

Are you ready to make a difference in the world of wireless security? Then come join the T-Mobile team as a Principal Engineer, Cyber Incident Response!

The Principal Engineer, Cyber Incident Response role, working in the Digital Security Organization, is responsible for monitoring, assessing, and responding to information security events in a large, diverse enterprise environment. The best candidate for the role has a strong comprehension of incident response, is team-oriented and strongly self-motivated, is comfortable in a fast-paced work environment while continuously improving their professional knowledge and skills, works well with other people, and has strong verbal and written communication skills. This position correlates security-related data across the enterprise, performs security incident response handling and incident containment/recovery, and assists application owners in understanding and implementing the security aspects of their applications. Additionally, the candidate must have vast knowledge of system security design and network security best practices. Analytical and organizational skills, and the ability to communicate effectively and work both independently and as part of a team, are required. The person in this position will ideally work at the Overland Park, KS headquarters campus, but the role can be filled in any T-Mobile office location.

What you’ll do in your role.

Principal Cyber Incident Response Engineers are experienced incident responders who ensure the proper handling of information security incidents, coordinate the efforts of multiple business units during response, provide those units with timely updates, and make recommendations to them as required. Engineers have experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols, providing the foundation to successfully:

Cyber Incident Detection and Response

  • Investigate, lead, and manage security incidents to ensure timely mitigation and remediation efforts are completed

  • Develop content to improve detective capabilities in SIEM, EDR, NDR, and other cyber defense tools

  • Analyze disparate data sources for security incidents

  • Respond to network security incidents promptly to mitigate damage or restore service

  • Champion process, recommending tool, software development, or infrastructure changes to improve or enhance security

  • Lead escalated security events, serving as incident commander

  • Investigate network anomalies and other cyber security events to determine the cause and extent of exposure and the overall risk to the environment

  • Coordinate significant incidents and supported entities to ensure proper analysis is performed and timely, accurate reporting of the incident is effected

  • Effectively respond to case work relating to computer security vulnerabilities, phishing, malware, and forensic investigations

  • Participate in the Cyber Incident Response Team (CIRT) rotation, which may involve non-traditional working hours

Cybersecurity Forensics Analysis

  • Participate in forensic investigations as required, including the collection and preservation of electronic evidence, analysis, and creation of a final report

  • Preserve and forensically analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices

  • Preserve, harvest, and process electronic data according to company policies and regulatory requirements

Cybersecurity Malware Analysis

Cybersecurity Incident Analytics and Reporting

  • Develop and deliver metrics as requested

  • Perform quality assurance reviews of cyber incident tickets

  • Perform quality assurance reviews of SIEM rules and indicators of compromise

Cyber Threat Hunting

Security Consulting

  • Develop and maintain the Incident Response Plan and Playbook

  • Provide on-boarding training and coaching for lower-level consultants

  • Be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy

  • Assist with intrusion remediation and with strategy development and implementation

  • Recommend effective process changes to enhance defense and response procedures

  • Develop and maintain standard operating procedures, with the insight to know when new ones need to be developed

General Responsibilities

  • Manage personal project work

  • Lead and manage small to medium-sized projects as directed

  • Work independently or among team members to ensure incident procedures address the objectives of the security incident response program, and review required documentation for adherence to department standards and processes

  • Anticipate and respond to changing priorities, and operate effectively in a dynamic, demand-based environment requiring extreme flexibility and responsiveness

  • Produce high-quality oral and written work, presenting complex technical matters clearly and concisely to audiences ranging from peers to senior management

The experience you’ll bring.

  • Cyber Incident Handling experience

  • High-level network troubleshooting ability

  • Ability to plan, organize, and prioritize tasks, and to complete them independently within the established time frame

  • Knowledge and experience with the current cyber threat landscape facing enterprise environments

  • In-depth knowledge of security best practices in large-scale environments

  • In-depth knowledge of security technologies such as, but not limited to:

      • Intrusion Detection/Prevention Systems

      • Security Information and Event Management (SIEM)

      • Network, Windows, and Linux forensics techniques

      • Endpoint Detection and Response tools

      • Network Detection and Response tools

      • Vulnerability scanning tools

  • In-depth knowledge of networking and OS technologies such as, but not limited to:

      • Diagnostic tools such as packet capture/decode and WAN probes

      • Operating systems: Windows and UNIX (Solaris, HP-UX, or Linux) administration

      • Networking components including routers, hubs, switches, etc.

      • TCP/IP protocols

  • Technical experience in reviewing and understanding system logs, including Sysmon logs

  • The ability to absorb adversarial tactics, techniques, and procedures and remain flexible and functional

  • OSI seven-layer model

  • Knowledge of state and federal regulatory requirements (PCI, PII, CPNI)

  • Strong verbal and written communication skills

Desired:

  • 5 years of information technology experience, with a minimum of 2-3 years in incident response

  • Holding at least one current certification from the following is preferred: GCIH, GCIA, GCFA, or GREM

You will be evaluated based on your level of competency in the following areas:

  • Knowledge of information technology

  • Knowledge of incident response procedures

  • Knowledge of digital forensics

  • Knowledge of packet analysis

  • Knowledge of system log analysis (Windows and Linux)

  • Logical thinking and analytical ability

  • The ability to solve problems independently

  • Verbal and written communication ability

  • Sound decision-making ability

Minimum Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, or related field from an accredited 4-year college or university, or equivalent experience

  • United States citizenship and legal authorization to work in the United States

  • At least 18 years of age

  • High School Diploma or GED

  • T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work. The CDC defines “fully vaccinated” as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination and consider requests for exemption from this requirement during the offer phase as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others


Position details

Req ID: 174786BR

Department: Engineering

Travel Required: No
