Sr. Engineer, Cybersecurity - Threat Response
T-Mobile · Overland Park, KS · 2 wk ago
Information TechnologyFull-time
Job Responsibilities
- Conduct analysis of security alerts, incidents, and threat intelligence to identify potential risks and assess impact to systems and business operations.
- Lead and support cybersecurity incident response activities, including detection, investigation, containment, eradication, recovery, and post-incident review.
- Serve as Incident Commander during cybersecurity incidents, coordinating multi-functional response efforts, driving decision-making, managing communications, and ensuring timely resolution of security events.
- Conduct proactive investigations to identify emerging threats, validate security controls, and improve detection and response capabilities.
- Develop and implement response procedures and mitigation strategies to reduce organizational risk.
- Collaborate with internal technology teams and business partners to investigate security events and drive remediation efforts.
- Partner closely with network, cloud, infrastructure, and application teams to investigate security incidents impacting enterprise and telecommunications environments.
- Document incident findings, root cause analysis, response actions, and lessons learned in accordance with company policies and regulatory requirements.
- Communicate incident status, technical findings, and remediation recommendations to leadership and key collaborators.
- Contribute to continuous improvement of detection and response capabilities through process enhancements, tuning opportunities, automation, and knowledge sharing.
- Monitor evolving threat activity and apply industry standards to improve organizational resilience.
- Provide technical guidance and mentoring to peers and junior team members.
- Participate in cybersecurity initiatives and projects assigned by management.
- Participate in an on-call rotation to provide after-hours support for cybersecurity incident escalations originating from the Security Operations Center (SOC).
- Bachelor's Degree plus 5 years of related work experience OR Advanced degree with 3 years of related experience. Acceptable areas of study include Computer Science or Information Technology. (required)
- 4-7 years experience with security related software and/or business process design.
- 4-7 years experience in technical project management and leading multi-functional solution design teams.
- 4-7 years experience in network information security, including firewall policy design, SSL certificate management, and vulnerability analysis and mitigation.
- Experience supporting cybersecurity operations, security investigations, or incident response activities.
- Experience with enterprise security technologies and security monitoring platforms.
- Experience serving as an Incident Commander, Incident Lead, or similar coordination role during major cybersecurity incidents or enterprise outages.
- Knowledge of telecommunications, carrier, service provider, or large-scale network environments, including core networking concepts, network protocols, and network security principles.
- Experience investigating network-based attacks, telecommunications infrastructure security events, or incidents involving enterprise and carrier-grade technologies.
- Experience conducting digital forensics investigations and knowledge of forensic tools such as Axiom, KAPE, EnCase, X-Ways, Cellebrite, or similar platforms.
- Experience with MITRE ATT&CK, Cyber Kill Chain, and NIST/SANS Incident Handling frameworks.
- Experience with SOAR platforms and security automation development.
- Knowledge of cloud security and enterprise-scale environments.
- Experience with SIEM, IDS/IPS, EDR, and security monitoring technologies.
- Solid understanding of network security, routing, switching, DNS, TCP/IP, telecommunications technologies, threat detection, and incident response methodologies.
- Strong knowledge of enterprise networking concepts, including TCP/IP, DNS, routing, switching, firewalls, network protocols, and network-based threat detection and response.
- Knowledge of adversary tactics, techniques, and procedures (TTPs), threat-informed defense methodologies, and proactive investigation techniques.
- Knowledge of scripting tools (Python, Perl, Shell, HTML, PHP).
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to communicate technical findings to both technical and non-technical audiences.