T-Mobile Principal CIRT Engineer, Cybersecurity in Overland Park, Kansas
Are you ready to make a difference in the world of wireless security? Then come join the T-Mobile team as a Principal Engineer, Cyber Incident Response!
The Principal Engineer, Cyber Incident Response role, working in the Digital Security Organization, will be responsible for monitoring, assessing, and responding to information security events in a large, diverse enterprise environment. The best candidate for the role should have a strong comprehension of incident response, be team-oriented and strongly self-motivated, be comfortable in a fast-paced work environment while continuously improving their professional knowledge and skills, work well with other people, and have strong verbal and written communication skills. This position correlates security-related data across the enterprise, performs security incident response handling and incident containment/recovery, and assists application owners in understanding and implementing the security aspects of their applications. Additionally, the candidate must have broad knowledge of system security design and network security best practices. Analytical and organizational skills, and the ability to communicate effectively and work both independently and as part of a team, are required. The position will ideally be based at the Overland Park, KS headquarters campus, but can be filled from any T-Mobile office location.
What you’ll do in your role.
Principal Cyber Incident Response Engineers are experienced incident responders who ensure the proper handling of information security incidents, coordinate the efforts of and provide timely updates to multiple business units during response, and provide recommendations to those units as required. Engineers have experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols, providing the foundation to successfully:
Cyber Incident Detection and Response
Investigate, lead, and manage security incidents to ensure timely mitigation and remediation efforts are completed
Develop content to improve detective capabilities in SIEM, EDR, NDR, and other cyber defense tools
Analyze disparate data sources for security incidents
Respond to network security incidents promptly to mitigate damage or restore service
Champion process improvements, recommending tool, software development, or infrastructure changes to improve or enhance security
Lead escalated Security events serving as incident commander
Investigate network anomalies and other cyber security events to determine the cause and extent of exposure and overall risk to the environment
Provide coordination of significant incidents and supported entities to ensure proper analysis is performed and timely, accurate reporting of the incident is effected.
Effectively respond to case work relating to computer security vulnerabilities, phishing, malware, and forensic investigations
Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours
Cybersecurity Forensics Analysis
Participate in forensic investigations as required, to include the collection, preservation of electronic evidence, analysis, and creation of a final report
Preserve and forensically analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices
Preserve, harvest, and process electronic data according to company policies and regulatory requirements
Cybersecurity Malware Analysis
Cybersecurity Incident Analytics and Reporting
Develop and deliver metrics as requested
Perform quality assurance reviews of Cyber Incident Tickets
Perform quality assurance reviews of SIEM rules and Indicators of Compromise
Cyber Threat Hunting
Develop and Maintain Incident Response Plan and Playbook
Provide on-boarding training and coaching to lower-level consultants
Be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy
Assist intrusion remediation and strategy development and implementation.
Recommend effective process changes to enhance defense and response procedures.
Development and upkeep of standard operating procedures with the insight to know when new ones need to be developed
Manage personal project work
Lead and Manage small to medium sized projects as directed
Work independently or among team members to ensure incident procedures address the objectives of the security incident response program, and review required documentation for adherence to the department standards and process
Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness
Produce high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management
The experience you’ll bring.
Cyber Incident Handling experience
High-level network troubleshooting ability
Ability to plan, organize, and prioritize tasks to complete them independently and within the established time frame
Knowledge and experience with current cyber threats and landscape to Enterprise environments.
In-depth knowledge of security best practices in large-scale environments
In-depth knowledge of security technologies such as, but not limited to:
Intrusion Detection/Prevention systems
Security Information and Event Management (SIEM)
Network Windows/Linux forensics techniques
Endpoint Detection and Response Tools
Network Detection and Response Tools
Vulnerability scanning tools
In-depth knowledge of networking and OS technologies such as, but not limited to:
Diagnostic tools such as packet capture/decode and WAN probes
Operating Systems: Windows and UNIX – Solaris, HP/UX, or Linux operating systems administration
Networking components including routers, hubs, switches, etc.
Technical experience in reviewing and understanding system logs, including Sysmon logs.
The ability to ingest adversarial tactics, techniques, and procedures to remain flexible and functional.
OSI Seven Layer Model
Knowledge of state and federal regulatory requirements (PCI, PII, CPNI)
Strong verbal and written communication skills
5 years of information technology experience and a minimum of 2-3 years of Incident Response
Having at least one current form of the following certifications is preferred: GCIH, GCIA, GCFA, or GREM
You will be evaluated based on your level of competency in the following areas:
Knowledge of Information Technology
Knowledge of Incident Response Procedures
Knowledge of Digital Forensics
Knowledge of Packet Analysis
Knowledge of System Log Analysis (Windows and Linux)
Logical thinking and analytical ability
The ability to solve problems independently
Verbal and written communication ability
Sound decision-making ability
Bachelor’s degree in Computer Science, Information Technology, or related field from an accredited 4-year college or university, or equivalent experience
United States Citizenship and legally authorized to work in the United States
At least 18 years of age
High School Diploma or GED
T-Mobile requires all employees in this position to be fully vaccinated for COVID-19 prior to starting work. The CDC defines “fully vaccinated” as two weeks after the second dose for Pfizer and Moderna, and two weeks after the single dose of Johnson & Johnson. T-Mobile will require proof of vaccination and consider requests for exemption from this requirement during the offer phase as a reasonable accommodation for medical reasons or sincerely held religious beliefs where the accommodation would not cause T-Mobile undue hardship or pose a direct threat to the health and safety of others.
Req ID: 174786BR
Travel Required: No