AT&T Senior-Technology Security in Atlanta, Georgia
The selected candidate will have an emphasis on cyber intelligence and work as a member of the security analysis team on a project that analyzes network log data for security relevant events using a variety of network-data processing platforms and tools.
The candidate will work with a threat intelligence platform not only to extract relevant IOCs but also to identify and incorporate new threat intelligence sources into that platform. The candidate will work collaboratively with other analysts to identify security events, characterize them, provide recommendations for remediation, and define analytical methods to automate the analysis. The candidate will perform ad-hoc analytical processing on a variety of network data feeds, system-processed data derivatives (metadata), automated system alerts, open source information, collaboration with other analysts, and collaboration with outside organizations. This analysis will require knowledge in some of the newest areas of security, including Cloud technology, Big Data environments, Mobility, and Advanced Persistent Threats. Some aspects of the analysis may require deep packet inspection and packet analysis.
The selected candidate will be responsible for reporting findings in written and verbal form. Results of analysis will be used to inform management, notify affected customers, advise network operations, and advise network engineering on security issues as well as recommended remediation and solutions. The candidate will also work with researchers to help define algorithms for automation of ad-hoc analysis methods and will work with the analysis platform engineering and development team to help define automated processing reports and alerts for automation of ad-hoc processes.
The overall objectives and responsibilities for this position are to:
· Foster the growth of AT&T’s cyber threat intelligence practice
· Coordinate with peer, cross-industry, and government community groups
· Assist in orchestrating regular security response exercises in preparation for potential threats
· Improve and enhance incident response procedures, processes, and practices
· Participate in a periodic after-hours security incident escalation rotation and be available for critical incidents within the enterprise
· Serve as a role model and mentor, including coaching, on-the-job and formal training, reference materials, procedures, and system documentation
Understanding of core Internet protocols (TCP/IP; DNS; SMTP; HTTP)
Understanding of enterprise grade technologies (including operating systems, networking, databases, web applications, cloud, big data, and mobility)
Strong understanding of network security threats including APT, botnets, Distributed Denial of Service (DDoS) attacks, worms, and network exploits
Analytical skills for working with large volumes of data, including data reduction and aggregation, and for working in a Big Data environment
Packet analysis using tools such as Wireshark, NetWitness, and/or Niksun
Programming skills in a UNIX processing environment are a plus, such as data manipulation techniques using shell (ksh, bash), [g]awk, Python, C, regex, Snort, and MySQL
Understanding of statistical and aggregation methods to derive meaningful and accurate analysis results is a plus
Excellent written and verbal communications skills
Excellent teamwork skills for collaboration on analysis techniques, implementation, and reporting
BA/BS degree in Computer, Engineering, or related technical field
Possession of a United States government security clearance desired (if no security clearance currently held, the candidate must be willing and able to apply for a security clearance)
AT&T is an Affirmative Action/Equal Opportunity Employer, and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V