Created Oct 29, 2020

Are you ready to make a difference in the world of wireless security? Then come join the T-Mobile team as a Manager, Cybersecurity - Penetration Testing!

This Manager, Cybersecurity leads the T-Mobile USA (TMUS) Penetration Testing, Bug Bounty & Responsible Disclosure function within the Vulnerability Management organization, and reports to the Senior Manager, Vulnerability Management. In this role, you will oversee the delivery of application and network vulnerability assessment and remediation consultation, leading a team comprised of full-time employee individual contributors, managed services, and external partners. The functions you will lead include internal and external penetration testing, and operating T-Mobile's Bug Bounty and Responsible Disclosure program.

Responsibilities
As T-Mobile's Penetration Testing leader, you will:

• Build and mentor high performing team with a passion for creating positive culture founded on integrity and equity
• Develop and implement the TMUS Penetration Testing vision, strategy, road map, and operations playbooks in partnership with appropriate teams across technology and business units
• Serve as the escalation point and executive liaison for major or high-profile vulnerability prevention and remediation, including validation of likelihood/impact, coordinating plans, facilitating information sharing, and reporting
• Provide timely and relevant updates to appropriate leaders and decision makers
• Manage third party contracts and engagements
• Establish meaningful measures and metrics for team performance and SLAs/OLAs
• Apply demonstrated practical and management experience to optimization of processes and tools for vulnerability disclosure, test automation and vulnerability remediation services
• Provide briefings to enterprise technology and security leadership and executive leaders
• Perform research to stay current with latest penetration testing tools and methodologies

Qualifications

• A deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments
• An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily-understood, authoritative, and actionable manner
• Strong organizational skills with ability to handle multiple high visibility issues simultaneously
• Extremely organized, with strong project and resources capacity management experience
• Fluent in common cybersecurity domains such as data protection, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence,
• A deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments
• An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily-understood, authoritative, and actionable manner
• Strong organizational skills with ability to handle multiple high visibility issues simultaneously
• Extremely
• risk assessments
• Detail oriented, results driven, fast learner

Minimum Requirements:

• 4+ years in large enterprise Penetration Testing or Cyber Security Operations function, with understanding of security fundamentals and common vulnerability frameworks, leading practices, and practical experience leading similar programs
• 2+ years managing a team of full-time direct reports, responsible for your team's employee development, performance evaluations and coaching
• Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
• Understanding of application protocols, development, and common attack vectors
• Strong secure web application development skills
• Familiarity with Systems Lifecycle Development (SDLC) best practices
• Experienced with penetration testing and scanning tools (Kali, Nessus, NMAP, Metasploit, Burp Suite, etc.)
• BA/BS in Engineering, Computer Science, Information Security, or Information Systems

Preferred:

• Knowledge of OWASP, Mitre ATT&CK and the cyber kill chain frameworks
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• OSCP, CISSP, CISM certifications or equivalent

"Digital Security"
*LI-KM3


Company Profile
As America's Un-carrier, T-Mobile USA, Inc. (NASDAQ: "TMUS") is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The company's advanced nationwide 4G and 4G LTE network delivers outstanding wireless experiences for customers who are unwilling to compromise on quality and value. Based in Bellevue, Washington, T-Mobile USA. Inc. provides services through its subsidiaries and operates its flagship brands, T-Mobile and Metro by T-Mobile. For more information, please visit http://www.t-mobile.com

Applicant Privacy Policy

We are committed to maintaining your trust by respecting and protecting your privacy. For more information about how T-Mobile processes the personal data of job applicants, please visit Applicant Privacy Policy.

EOE Statement
Equal Employment Opportunity

We take equal opportunity seriously-by choice.

T-Mobile USA, Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age, race, ethnicity, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, religious affiliation, marital status, citizenship status, veteran status, the presence of any physical or mental disability, or any other status or characteristic protected by federal, state, or local law. Discrimination, retaliation or harassment based upon any of these factors is wholly inconsistent with how we do business and will not be tolerated.