Senior-Technology Security (DevSecOps)
Posted on Dec 9, 2018 by AT&T
This position will review & analyze security requirements and develop integrated plans to protect customer & employee data, AT&T assets, and comply with AT&T Security Requirements, government, and industry regulations. This positional will partner with other business units to implement short term and long-term plans to build industry leading security measures. This position's primary role will focus on building and enhancing security standards across retail and call center applications.
Key Roles and Responsibilities:
* Researching, recommending, documenting, and coordinating implementation of changes to policies, procedures, facilities, and systems to enhance security as well as developing and delivering corporate security awareness training for users and technical security training for system administrators.
* Facilitates compliance with company security policies, practices and legal requirements. May provide support to non-management employees, including coaching, on-the-job and formal training, reference materials, procedures and system documentation.
* Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
* Utilize automated tools like Fortify, WebInspect, Veracode, IBM AppScan and implements processes to conduct system vulnerability assessments and determine security postures of systems.
* Analyze security scans of information systems to identify and assess vulnerabilities.
* Coordinate with delivery teams, operations teams, and Chief Security Office, to identify and mitigate or remediate security vulnerabilities, implement security controls and/or frameworks.
* Work with software engineers and operations teams to remediate vulnerability alerts issued by Chief Security Office.
* Serve as a liaison between Chief Security Office and application delivery teams.
* Interface with other stakeholders including vendors, application development and technical support staff, and clients.
* May provide inventory and asset management resources to security operation, including administrative supplies, security specific resources such as SecurID cards or cryptographic key management, and specialized security software.
Required Experience and Skills:
* Senior level industry experience in Cyber Security.
* At least of one of CISSP, CompTIA Security+, GIAC Certification is preferred.
* Hands on experience with security testing tools like Fortify, WebInspect, Veracode, IBM AppScan.
* Hands on Threat Modeling experience for web and mobile applications utilizing OWASP, NIST, SANS and other industry standard frameworks.
* Prior development experience in J2EE and other web technologies is desired.
* Vulnerability management and reporting.
* PCI-DSS assessment experience.
* Deep understanding of industry standard cryptography technologies.
* DevSecOps experience is a plus.
Education: Bachelor of Science degree in the field of Computers, Engineering, or Security preferred.
Experience: Typically has 5-8 years of relevant experience.
Job ID Date posted 11/05/2018 SDL2017