Job Description:

About the Company:

At AT&T, we’re connecting the world through the latest tech, top-of-the-line communications and the best in entertainment. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication and entertainment experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you’ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel, we are transforming all channels to digitally perform as one team to create a better customer experience. As we move into 2024, the digital transformation will revolutionize the digital space and you can build a career that will propel your future.

About the Job:

We are seeking an experienced Application security professional who will be accountable for supporting Chief Security Office stakeholders in improving the efficiency of risk remediation and prioritization of remediation resources by rationalizing the risk represented by vulnerabilities.

This professional must be highly organized and able to manage various stakeholder requests as they arise with strong multitasking skills and technical acumen. In addition, the professional must also be able to assist mentor team members in the designated areas of responsibility.

Experience Level: 12+ years

Location: Hyderabad /  Bengaluru

Responsibilities Include:

• Responsible for conducting both discrete and volumetric risk analysis of existing and emerging threats specifically identified through the Vulnerability Management Processes. 
• This work includes assess true risk of CVE's that have a large impact on AT&T's resources as well as highly critical applications with a high number of vulnerabilities. 
• Quickly triage vulnerabilities to provide detailed remediation/mitigation steps to reduce true risk to the business.  

Required skills:

• 12 years minimum experience in a Application Security
• 5 plus years of Vulnerability Management
• Advanced Vulnerability Management: Expertise in identifying, analyzing, and remediating complex vulnerabilities, including zero-day exploits. Extensive experience with security tools like Tenable, Veracode, and Shodan.
• Application Security (AppSec): In-depth knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience in performing code reviews, penetration testing, and security assessments. 
• Threat Modeling and Risk Assessment: Proficiency in threat modeling techniques to anticipate and mitigate potential attack vectors. Expertise in evaluating and adjusting risk ratings for vulnerabilities to ensure accurate prioritization.
• Security Tools Configuration: Advanced skills in configuring and optimizing security tools to improve detection accuracy and reduce false positives. Experience with industry-standard risk calculations and ratings.
• Development Skills: Proficiency in scripting and automation to streamline vulnerability management processes. Experience with programming languages such as Python, Go, or similar for developing custom security tools.
• Data Analysis: Strong analytical skills for interpreting security data and identifying false positives. Ensuring the accuracy and reliability of vulnerability data through rigorous validation.

Desirable skills:

• Bachelors or Masters in Computer Sciences Engineering.
• Red Teaming and Penetration Testing: Experience in conducting red teaming exercises and penetration testing to identify and exploit vulnerabilities in a controlled environment. Ability to think like an attacker to uncover hidden weaknesses.
• Security Architecture and Engineering: Expertise in designing and implementing robust security architectures. Experience in building secure systems from the ground up, integrating security into every stage of development.
• Incident Response and Forensics: Advanced knowledge of incident response processes, including the ability to handle complex security incidents and conduct forensic investigations. Experience in building and leading incident response teams.
• DevSecOps Integration: Experience in integrating security into the DevOps pipeline, ensuring continuous security throughout the development lifecycle. Proficiency in using CI/CD tools to automate security testing and remediation.
• Advanced Threat Detection and Hunting: Skills in advanced threat detection techniques, including threat hunting and behavioral analysis. Experience with tools and methodologies for detecting sophisticated cyber threats.
• Innovation and Tool Development: Ability to develop innovative security tools and solutions to address emerging threats. Experience in creating custom scripts and applications to enhance security operations.

Technical Skills: Vulnerability management, Development skills, Appsec Skills, Data Analysis

Additional information (if any): Flexible to provide coverage in US morning hours.

Certification: CISSP, CCSP, GWAPT and/or other relevant certifications.

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.