Lead Cybersecurity

USA:GA:Alpharetta / 500 North Point Pkwy - Adm (Owned):500 North Point Pkwy

AT&T

Shop deals on new phones including iPhone 16, unlimited data plans, and home internet with AT&T Fiber. Get 24/7 support, pay your bills & manage your account online.

View all jobs at AT&T

Apply now Apply later

Job Description:

About the Company:

Join AT&T and reimagine the communications and technologies that connect the world. Our Consumer Technology experience team is delivering innovative and reliable technology solutions to power differentiated, simplified customer experiences. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

About the Job:

Responsible for cybersecurity areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs.

Key Roles and Responsibilities:

  • Includes ideation, testing, proof of concept and support for various cyber related projects.

  • Analysis of complex security issues and the development and engineering activities to help mitigate risk.

  • Analyzes various hardware and/or software solutions recommending purchases and identifying modifications to fit AT&T's cyber security needs and that of our managed services teams.

  • Develops policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers.

  • Applies measures to block malicious code and applications.

  • Includes forward looking research, planning and strategy to strengthen our stance against future cybersecurity threats and enhance our mitigation techniques and technology solutions.

  • Areas of work in this include, but are not limited to: Cyber Incident Response, cyber product testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cybersecurity application testing, cyber digital forensics & forensics analysis, cyber software assurance, cyber application development & testing, cyber IoT planning & testing, cyber policy & requirements & standards.  

Responsibilities and Day to Day View:

•    Cybersecurity in Non-Production SDLC Environments: Lead cybersecurity initiatives across products, services, infrastructure, networks, and applications, ensuring robust protection for our enterprise, customers, and partners
•    Project Collaboration and Innovation: Partner with senior team members on projects aimed at safeguarding devices, data, IT assets, Software and networks. Drive innovation through strategic planning, technical proof of concepts, testing, and lab work.
•    Team Collaboration and Mentorship: Collaborate with and mentor team members, fostering a culture of continuous learning and improvement.
•    Ideation and Testing: lead ideation, testing, and proof of concept for various cybersecurity projects, ensuring cutting-edge solutions.
•    Threat Mapping and Analysis: Conduct threat mapping, threat modeling, and analysis of hardware, software, and services to develop comprehensive cybersecurity test plans and TTPs.
•    Ethical Hacking Leadership: Lead ethical hacking efforts in non-production environments to identify and remediate security vulnerabilities early in the SDLC lifecycle.
•    Staying Current with Industry Standards: Stay on top of cutting-edge security industry standards and best practices to ensure our security measures are always up-to-date and effective
•    Ethical Hacking Leadership: Lead ethical hacking efforts in non-production environments to identify and remediate security vulnerabilities early in the SDLC lifecycle
•    Comprehensive Reporting: Prepare detailed reports documenting security test findings, vulnerabilities, and their impacts. Conduct risk assessments and provide actionable remediation recommendations.
•    Clear Documentation: Ensure all documentation is clear, accurate, and accessible to relevant stakeholders
•    Solution Analysis and Recommendations: Analyze various hardware and software solutions, recommending purchases and modifications to meet our cybersecurity needs
•    Policy and Procedure Development: Develop and implement policies and procedures to minimize network intrusions, malware events, and vulnerabilities for internal and external customers
•    Vulnerability Lifecycle Management: Manage the cybersecurity vulnerability lifecycle, working with development and other teams to report, track, and lead remediation efforts across the SDLC
•    Forward-Looking Research and Strategy: Conduct forward-looking research and strategic planning to strengthen our defenses against future cybersecurity threats. Enhance mitigation techniques and technology solutions in areas such as Cyber Incident Response, cyber product testing, vulnerability reporting, cyber risk analysis, cyber research, cyber awareness and training, cyber vulnerability detection and assessment, cyber intelligence and investigation, cyber networks and systems engineering, cyber security application testing, cyber digital forensics, cyber software assurance, cyber application development and testing, cyber IoT planning and testing, and cyber policy and standards

Qualifications:

•    Senior-Level Ethical Hacking Expertise: Extensive experience in ethical hacking using both manual and automated TTPs
•    Team Leadership and Mentoring: Proven ability to mentor and lead team members, fostering a collaborative and innovative work environment
•    Strong Understanding of Security Concepts: Deep knowledge of cybersecurity principles, including common attack vectors, security protocols, encryption techniques, and best practices
•    Technical Proficiency: Proficiency in using various security tools and technologies such as vulnerability scanners (e.g., Nessus, OpenVAS), network sniffers, penetration testing tools (e.g., Metasploit), OWASP ZAP, and packet analyzers
•    Operating System Knowledge: In-depth understanding of various operating systems (e.g., Windows, Linux, Unix) and their vulnerabilities, with hands-on experience in securing them
•    Networking Knowledge: Familiarity with networking protocols, services, and infrastructure components (e.g., TCP/IP, DNS, DHCP, firewalls, routers) to understand potential vulnerabilities in networked environments
•    Programming and Scripting Skills: Ability to write scripts and automate tasks using languages like Python, PowerShell, or Bash, which is crucial for customizing security tools, analyzing data, and developing exploits
•    Critical Thinking and Problem-Solving: Strong analytical skills to assess complex systems, identify vulnerabilities, and propose effective solutions to mitigate risks
•    Attention to Detail: Thoroughness and attention to detail are essential for conducting comprehensive vulnerability assessments and ensuring no potential weaknesses are overlooked
•    Communication Skills: Ability to effectively communicate technical information to both technical and non-technical stakeholders, including writing clear and concise vulnerability assessment reports and providing recommendations for remediation
•    Continuous Learning: Cybersecurity is a rapidly evolving field, so a willingness to continuously learn and stay updated on the latest security trends, tools, and techniques is crucial for success in this role
•    Web Application Security: Knowledge of web application security concepts, common vulnerabilities (e.g., OWASP Top 10), and techniques for testing web applications, including manual testing and using automated scanners like Burp Suite or OWASP ZAP
•    Secure Development Practices: Understanding secure coding practices, the ability to review code for security flaws, and give guidance to developers on writing secure code
•    Technical Proficiency: Proficiency in using various security tools and technologies such as vulnerability scanners (e.g., Nessus, OpenVAS), network sniffers, penetration testing tools such as Metasploit, OWASP ZAP and packet analyzers
 

Understanding of Vulnerability Concepts:  
•    Definition of Vulnerability: A vulnerability is a weakness or flaw in a system, network, application, or process that could be exploited by threat actors to compromise the confidentiality, integrity, or availability of data or resources
•    Vulnerability Classification: Vulnerabilities can manifest in various forms, including software bugs, misconfigurations, design flaws, human errors, and inadequate security controls. Common types of vulnerabilities include buffer overflows, SQL injection, cross-site scripting (XSS), authentication bypass, and insecure direct object references
•    Common Vulnerability Scoring System (CVSS): CVSS is a standardized framework for assessing the severity and impact of vulnerabilities. It provides a numerical score based on factors such as exploitability, impact, and remediation level to help prioritize and manage vulnerabilities effectively
•    Zero-Day Vulnerabilities: Zero-day vulnerabilities are vulnerabilities that are actively exploited by threat actors before a patch or mitigation is available from the vendor. These vulnerabilities pose a significant risk because organizations have no advance notice or protection against them
•    Business Impact:  Evaluating the potential consequences of disruptions to critical business operations, helping organizations understand the financial, operational, and reputational impacts of such events
•    Exploitability:  Evaluating the feasibility and potential impact of exploiting vulnerabilities within systems or applications, aiding in determining the level of risk posed by these vulnerabilities and guiding prioritization of mitigation efforts

Education:

Preferred Bachelors degree in Information Systems, Engineering, or Cyber Security.

Experience:

Typically requires 5-8 years experience. Technical Career Pathway (TCP) role.

Supervisory:

No.

Our Lead Cybersecurity, earns between $128,400.00-$192,600.00 USD Annual, Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

 

Joining our team comes with amazing perks and benefits:

· Medical/Dental/Vision coverage.

· 401(k) plan

· Tuition reimbursement program.

· Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)

· Paid Parental Leave.

· Paid Caregiver Leave.

· Additional sick leave beyond what state and local law require may be available but is unprotected.

· Adoption Reimbursement.

· Disability Benefits (short term and long term)

· Life and Accidental Death Insurance.

· Supplemental benefit programs: critical illness/accident hospital indemnity/group legal.

· Employee Assistance Programs (EAP)

· Extensive employee wellness programs.

· Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.

 

AT&T is leading the way to the future – for customers, businesses and the industry. We're developing new technologies to make it easier for our customers to stay connected to their world. Together, we’ve built a premier integrated communications and entertainment company and an amazing place to work and grow. Team up with industry innovators every time you walk into work, creating the world you always imagined. Ready to #transformdigital with us?

Apply now!

#ConsumerTechnologyeXperience

Weekly Hours:

40

Time Type:

Regular

Location:

Alpharetta, Georgia

Salary Range:

$128,400.00 - $215,800.00

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.

Apply now Apply later
Job stats:  0  0  0
Category: Leadership Jobs

Tags: Application security Bash Burp Suite CVSS DNS Encryption Ethical hacking Exploits Firewalls Forensics Incident response IoT Linux Malware Metasploit Nessus OpenVAS OWASP Pentesting PowerShell Python Risk analysis Risk assessment Scripting SDLC SQL SQL injection Strategy TCP/IP TTPs UNIX Vulnerabilities Windows XSS Zero-day

Perks/benefits: Career development Health care Insurance Medical leave Parental leave Team events Wellness

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.