דרושים Assoc Director–cybersecurity–dynamic Defense ב-Att ב-India, Bengaluru

:

• Minimum of 6 years of experience in Certificate Management.
• Strong background in managing and troubleshooting the certificate Key Pairs, Including Public and Private Keys.
• Solid understanding of Identity and Access Management (IAM) and Apache/Tomcat best practices, and a passion for staying up to date with the latest industry trends in performing the SSL handshakes.
• Strong analytical and problem-solving skills, with the ability to troubleshoot and resolve Certificate related issues.

Technical Skills & Responsibilities:

• Experience with Certificate Tools : Proficiency in using certificate management tools such as Keyman.
• Certificate Management: Strong knowledge of certificate lifecycle management, including issuance, renewal, and revocation.
• Deep Understanding of Certificate Key Pairs : Expertise in managing and troubleshooting certificate key pairs, including public and private keys.
• Automation of Certificate Management : Ability to automate certificate management processes using tools like Ansible/Custom Scripts.
• Certificate Installation : Installing and configuring certificates using automation tools, ensuring seamless integration with existing systems.
• Inventory Maintenance : Maintaining an accurate inventory of all certificates, ensuring timely renewals and compliance with security policies.
• Certificate Configuration : Configuring and managing SSL/TLS certificates for ISVA/Tomcat servers, ensuring secure communication.
• Automating Certificate Renewals : Developing and implementing automated workflows for certificate renewal to minimize downtime and enhance Security.
• Certificate Discovery and Monitoring : Implementing and managing tools for discovering and monitoring certificates across the network to ensure no certificate goes unnoticed or expires unexpectedly.
• Compliance and Reporting : Ensuring compliance with industry standards and internal policies by generating regular reports on certificate status and usage.
• Incident Response : Developing and maintaining procedures for responding to certificate-related incidents, such as compromised keys or expired certificates.
• Collaboration: Collaborate with stakeholders to gather and understand business requirements and translate them into technical specifications.
• Provide technical guidance and support to team members.
• Ability to work both independently and in various team settings.
• Ability to work under pressure with a strong sense of setting priorities.
• Flexible to accommodate time-zones as teams are geographically dispersed.
• Collaborate with cross-functional teams, including IT, Security, and Compliance, to ensure alignment and integration of security processes within the IAM Platform.

Preferred

• Collaborate with cross-functional teams, including IT, Security, and Compliance, to ensure alignment and integration of security processes within the IAM.
• Experience in Creating/Installing/Renewing and Revoking the Server/Wildcard Certificates.
• Expertise in managing and troubleshooting certificate key pairs, including public and private keys.
• Ability to automate certificate management processes using tools like Ansible/Custom Scripts.
• Ability to provide hands-on support and troubleshooting of the Certificate related issues.

Skills

• Strong Experience in Certificate Management tools like IBM Keyman, Ansible, ISAM, Configuring and Managing SSL/TLS Certificates on ISVA and Tomcat/Apache, Python.

Preferred / Nice to have:

• IBM Security Access Manager Certified Engineer

IAM Tools Certified Engineer

Location:

AT&T is a fair chance employer and does not initiate a background check until an offer is made.

About AT&T Dynamic Defense

AT&T Dynamic Defense™

To learn more about AT&T Dynamic Defense™, click here:

To view SecureIQLab report on AT&T Dynamic Defense™, click here:

About the Role:

Our Dynamic Defense function is seeking for a Cyber Security domain expert for leading and managing a team of 10+ experienced security engineers and programmers in AT&T India that develop and support security services on top of AT&T’s connectivity platforms such as Fiber, Mobility and Internet.

Roles & Responsibilitiesinclude:

• Lead and manage a team of experienced Developers and Network Security engineers who design and certify an intent based network that embeds security into AT&T’s ADI, ASEoD, Fiber and Mobility services, by leveraging our programmable network.
• The leader in this role implement security controls, policies and standards that reduce cyber risks and increase security controls for AT&T’s dynamic defense customers.
• Lead and drive ideation, testing, proof of concept and support for various cyber productization in AT&T's core telecom network.
• Analysis of complex security issues and the development and engineering activities to help mitigate risk.
• Analysis of various hardware and/or software solutions to determine unit cost, efficacy and speed of mitigation.
• Develop policies and procedures to minimize network intrusion, malware events and vulnerability issues for internal and external customers. Applies measures to block malicious code and applications.
• Includes forward looking research, planning and strategy to strengthen our stance against future cyber security threats and enhance our mitigation techniques and technology solutions.
• Areas of work include, but are not limited to: Network security cyber incident Response, cyber product development & testing, cyber risk & strategic analysis, cyber research, cyber awareness & training, cyber vulnerability detection & assessment, cyber intelligence & investigation, cyber networks & systems engineering, cyber security application testing, cyber forensics analysis, cyber software assurance, cyber application development & testing, cyber IoT planning & testing, cyber policy, requirements & standards.
• The leader in this role oversees, manages and supports day-to-day operations, including various projects, tasks and initiatives
• Continuously collaborates with US and India Cyber Security leadership teams and other stakeholders on engineering and operational matters in Dynamic Defense function
• Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the designated functional areas.
• The individual in this role interviews and selects employees, maintains proper staffing levels, allocates resources, supervises teams daily operations, productivity, identifies areas for improvement, develops action plans to improve performance, develops teams technical and managerial expertise through on-the-job and formal training opportunities, enforces Company policies, takes necessary disciplinary action, evaluates individual performance for annual performance review, merit increases, promotions and other employment status changes, and conducts long-range planning for the team.

Primary / Mandatory Skills:

Overall – 15+ years of IT experience

• 8+ years of engineering and operationalization experience in the areas of Cyber Security, Network Security
• 7+ years of progressive experience and track record of building successful cyber applications.
• 5+ years of technical team management experience
• Deep understanding of network security dealing with firewalls, routing and switching (such as Juniper router, Cisco routers, Palo Alto Firewall, Juniper SRX Firewall, Cyber risk, Access control lists, BGP route controls and router protection techniques)
• Track record in leading development teams building security tools and applications.
• Deep understanding of network and cyber based attacks and threats
• Deep understanding of Cyber Security frameworks, methodologies, and industry best practices
• Track record of staying current with trends, techniques, tools, and processes that drive improvement of Cyber Security posture
• Ability to asses and articulate risks from a business standpoint.
• Sense of urgency and attention to detail
• Operate in a fast-paced, dynamic, and geographically matrixed teams.
• Flexible to provide coverage in US morning hours
• Information security credentials CISSP, SANS certifications (such as GMON / GCIA / GDSA ), or equivalent
• Demonstrate Analytical Thinking
• Understanding of Business Process Modeling
• Finance and Accounting Financial Forecasting and Modeling
• Proven ability to manage Processes and projects
• Understanding of agile practices
• Team-oriented thinking with demonstrated ability to produce high-quality work
• Bachelors / Masters in Cyber Security and / or Computer Science

Technical Skills: Cyber security, Network Security, Security Engineering and Operations, Product Development

Additional information (if any): Flexible to provide coverage in US morning hours.

Certification: CISSP, SANS certifications (such as GMON / GCIA / GDSA), or equivalent

Time Type:

AT&T is a fair chance employer and does not initiate a background check until an offer is made.

About the Role:

Key Responsibilities:

• Design, build, and sustain secure, high-quality Java applications and REST APIs leveraging Spring Boot and Spring MVC frameworks.
• Construct and execute tests using JUnit to ensure application reliability and integrity.
• Work with MySQL databases, including writing complex queries and optimizing performance.
• Utilize JSP and JQuery for front-end development and dynamic web page creation.
• Troubleshoot and resolve software defects and issues.
• Stay up to date with emerging technologies and industry trends.

Required Skills:

• Overall 12 or more years of hands-on experience in Java/Spring Boot/Spring MVC development.
• Strong knowledge of MySQL database management and query optimization.
• Proficiency in JUnit for unit testing.
• Experience with JSP and JQuery for front-end development.
• Solid understanding of object-oriented programming principles.
• Familiarity with Git, Maven
• Excellent problem-solving skills and attention to detail.
• Strong communication and teamwork abilities.
• Knowledge of RESTful APIs and web services.
• Familiarity with Agile development methodologies.
• Bachelor’s degree in computer science, Information Technology, or a related field.

Desired Skills:

• Understanding of cyber security fundamentals and concepts
• Good understanding of networking protocols such as TCP, IPv4 / IPv6 and others
• Knowledge of scripting languages such as JavaScript, Python and Shell.
• Understanding of cyber security fundamentals and concepts
• Flexible to provide coverage in US morning hours on a need-basis, and as required
• Strong written, verbal and presentation skills
• Experience working in an environment where coordination with multiple teams is essential to success
• Ability to prioritize individual/group work in a high-stress and time-bound environment

Time Type:

AT&T is a fair chance employer and does not initiate a background check until an offer is made.

Job Description:

Perform SAST/SCA/DAST scans using industry vulnerability scannerDAST – Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution.During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activitiesTester must ensure results from scanner are present in VM reporting platforms and visible to approved app usersValidation - Supplier will perform manual validation and false-positive analysis on the automated scan results.Complex application testing and remediation/mitigation recommendation authorTechnical leadership of group of less experienced testers.Adversary based approach to test plan developmentHijack accounts (Does not include social engineering methods)EcoSystem TestingFull Stack review, weakness enumer

Time Type:

AT&T is a fair chance employer and does not initiate a background check until an offer is made.

About the Job:

8+ years

Roles and Responsibilities:

• Responsible for analyzing event data to discover threats and other security issues, patterns and trends.
• Research, analyze and interpret both what is and what is not contained in the security event data.
• Recommend remediation measures for security issues / threats discovered.
• Recommend areas for further study and research pertaining to the observations.
• Serve as an additional point of contact for security issues / events, working with the stakeholders to deliver on the request. This position may sometimes be the primary contact when issues arise outside United States working hours.
• Be proactive and demonstrate the ability to analyze issues, generate ideas, and initiate action while achieving results.
• Effectively manages multiple tasks / projects with close attention to detail and meets short turnarounds and deadlines.

Primary / Mandatory skills:

Overall – At least 8+ years of experience in Cyber Security focused on security / threat research, analysis, and investigation.

• Broad understanding of cyber security fundamentals and concepts
• Hands-on experience with networking protocols such as TCP, IPv4 / IPv6 and others
• Hands on experience in performing research, analysis and investigation using open source and proprietary tools
• Scripting experience (Python and Bash)
• Experience working in an environment where coordination with multiple teams is essential to success
• Ability to prioritize individual/group work in a high-activity and time-bound environment
• Flexible to provide coverage in US morning hours on a need-basis, and as required
• Strong written, verbal and presentation skills

Desirable skills:

• Industry certifications such as CEH, CISSP, SANS and/or other relevant certifications
• Bachelors or Masters in Computer Sciences Engineering
• Experienced in performing Data analysis with JSON
• Experience in Linux command line

Technical Skills:Threat research, analysis and investigation leveraging open source and proprietary tools, TCP, IPv4 / IPv6, Scripting - Python, Bash

Flexible to provide coverage in US morning hours on a need-basis, and as required.

Time Type:

AT&T is a fair chance employer and does not initiate a background check until an offer is made.