AT&T Cybersecurity Consultant 3 - Incident Response and Forensics in Topeka, Kansas
As the largest communications company in the world, more than 120 million customers count on us every day to deliver the wireless, Internet, data and advertising services that fuel their businesses and connect them to their world. You will find yourself connecting communications and technology with opportunities that will take you to places you never imagined.
What does it take to join us? We demand exceptional skills in your discipline and a real dedication to being the best.
After all, we're asked to keep AT&T profitable and on the cutting edge, and at the same time, build on more than a century of innovation and success. We are a world leader in communications and entertainment, and we plan to keep on growing.
AT&T Security Consulting Group is seeking an expert and experienced Senior Consultant to provide Incident Response and Forensic (IRF) Trusted Advisor services to AT&T’s US and global clients. Key services include: Cybersecurity Incident and Breach Response, forensic analysis of compromised assets, malware reverse engineering, and ultimately identification and remediation of compromised assets.
Key Roles and Responsibilities:
Collaborates with and provides consulting services to clients in a trusted advisor role.
Works on billable consulting service projects.
Works independently on complex projects or works in a team as a project leader.
Provides advisory assessments in relation to cybersecurity breach prevention.
Conducts gap assessments and provides actionable recommendations to remediate shortcomings.
Documents findings and recommendations in Remediation Roadmaps.
Manages aspects of delivery, customer satisfaction, and accurate timekeeping for billing purposes on projects where the consultant is the only technical resource or lead technical resource.
Participates in group discussions to further knowledge in the IRF practice and provides peer review of deliverables.
In a sales support role, meeting with customers as an IRF SME in support of sales team.
Support in identifying additional sales leads on assigned projects and beyond.
Attending sales conference calls or client meetings, support in scoping and developing SOWs/proposals.
- Bachelor’s degree desired or equivalent experience and a minimum of five (5) years of enterprise security related work experience. Master’s Degree in a technical discipline preferred.
Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures.
In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform.
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other attack artifacts in support of incident investigations.
Experience and proficiency with any of the following: Anti-Virus, HIPS, IDS/IPS, Full Packet Capture, Host-Based Forensics, Network Forensics.
Experience with malware analysis concepts and methods.
Familiarity or experience in Cyber Kill Chain methodology.
Knowledge of Virtualization and Cloud security.
Knowledge of Linux, UNIX, Windows (including Active Directory) and other operating systems.
Knowledge of popular databases such as MSSQL, Oracle, and MySQL.
Must be a flexible team player, hard-working, and possess excellent communication and customer-facing skills.
Must be self-directed, able to manage solo projects or participate as part of a larger team.
Strong report writing skills and ability to explain complex security issues to customers in a formal presentation format.
Must be able to interact confidently with all levels of technical and management client teams.
One Security certification such as CISSP, CISA, CISM, PCI QSA, CEH, SANS GSEC, etc., is required and willingness to pursue further certification preferred.
Ability to travel 50%-75%, mostly within region, must possess drivers’ license.
Knowledge and experience with risk and compliance assessments.
SCADA / Control systems network experience a plus.
VoIP Infrastructure knowledge a plus.
Bi-lingual candidates a plus.