Principal Cybersecurity Engineer

Job Description:

As a Principal Cybersecurity Engineer specializing in Application Security, you will play a critical role in ensuring the security and integrity of our software applications. You will lead efforts to integrate security into the development lifecycle, implement security tools, and apply threat modeling principles to identify and mitigate risks.

Key Responsibilities:

• Secure Development: Lead the design and implementation of secure coding practices across the development teams. Conduct code reviews and provide guidance on secure coding standards.
• Security Tool Pipeline Integration: Develop and maintain security tools and processes within the CI/CD pipeline. Ensure seamless integration of security testing tools such as SAST, DAST, and IAST.
• Threat Modeling: Conduct threat modeling exercises to identify potential security threats and vulnerabilities. Collaborate with development teams to design and implement effective security controls.
• Security Assessments: Perform regular security assessments, including penetration testing and vulnerability scanning, to identify and address security weaknesses.
• Incident Response: Lead incident response efforts for application security incidents. Develop and maintain incident response plans and procedures.
• Training and Awareness: Provide training and mentorship to development teams on secure coding practices and application security principles. Promote a culture of security awareness within the organization.
• Collaboration: Work closely with cross-functional teams, including developers, DevOps, and IT, to ensure security is integrated into all stages of the software development lifecycle.
• Compliance: Ensure compliance with relevant security standards and regulations, such as OWASP, NIST, and GDPR.

Qualifications:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• 8+ years of experience in cybersecurity, with a focus on application security.
• Strong knowledge of secure development practices, security tool integration, and threat modeling.
• Experience with security tools such as SAST, DAST, IAST, and vulnerability management platforms.
• Proficiency in programming languages such as Java, C#, Python, or JavaScript.
• Excellent problem-solving skills and the ability to think like an attacker.
• Strong communication and leadership skills.
• Relevant certifications such as CISSP, CEH, or OSCP are a plus.

Weekly Hours:

40

Time Type:

Regular

Location:

ISR:01:Lod / 2 Negev St; Airport City - Adm:2 Negev Street; Airport City

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.