Lead Cybersecurity - AppSec Vulnerability Test Manager

IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg

AT&T

Job Description:

About the Company:

At AT&T, we’re connecting the world through the latest tech, top-of-the-line communications and the best in connectivity. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication and entertainment experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you’ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel; we are transforming all channels to digitally perform as one team to create a better customer experience. As we move into 2024, the digital transformation will revolutionize the digital space and you can build a career that will propel your future.

About the Job:

This position is a Lead Cyber Security role performing Application Security Testing Management in the Chief Security Office. The role helps prevent risk by orchestrating application security testing projects. It requires a demonstrated understanding of AppSec vulnerability principles and methodologies in order to create and manage test schedules, communicate with development teams to answer questions and provide feedback, capture credentials, and establish approved scan windows.

Experience Level: 12+ years

Location: Hyderabad or Bengaluru

Roles and Responsibilities:

  • First point of contact for app teams who have security scanning questions (customer facing)
  • Provide guidelines, oversight, and best practices for:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Software Composition Analysis (SCA)
  • Provide guidance to development teams on how to properly integrate application scans into their pipelines.
  • Gather and analyze threat intelligence for security issues and vulnerabilities.
  • Develop specifications for application security and mitigation techniques.
  • Coordinate mitigation and remediation of detected vulnerabilities to maintain a high-security standard and a hardened environment that satisfies AT&T remediation guidelines (facilitate remediation activities between app team and security testers)
  • Research security enhancements and make recommendations to management.
  • Perform other duties of a similar nature or level.
  • Establish and manage program status reporting structure and cadence.
  • Credential gathering/management to facilitate efficient scan scheduling.
  • Process improvements, automation, and innovation that improve both security scanning activities as well as efficient handling of vulnerability reporting and remediation.
  • Establish and manage reporting, escalation, and tracking to ensure adherence to scan schedules.
  • Establish and manage program metrics and measurements.

Primary / Mandatory skills:

Overall – 12+ years of IT experience

  • 9+ years of Project management/BA/QA experience
  • 4+ years of Application Security Experience
  • Bachelor's degree required
  • Deep familiarity with the OWASP Top 10 and other security concerns for web applications
  • Familiarity with the OWASP Application Security Verification Standard (ASVS)
  • Familiarity with SAST, DAST, and SCA scanning practices
  • Understand how to interpret and assess CVEs (Common Vulnerabilities and Exposures) as found by scanning tools
  • Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications
  • Excellent verbal and written communication skills
  • Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team
  • Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas (English language proficiency required)

Technical Skills: Project Management, Scheduling, AppSec domain understanding.

Additional information (if any): Flexible to provide coverage in US morning hours.

Certification: CSSLP, PMP or equivalent

Weekly Hours: 40

Time Type: Regular

Location: Bangalore, Karnataka, India

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.

Tags: Application security Automation CSSLP DAST E-commerce Ecommerce OWASP SAST Threat intelligence Vulnerabilities Windows

Perks/benefits: Career development Flex hours

Region: Asia/Pacific
Country: India
