Sr Specialist Cybersecurity - Breach and Attack Simulation (BAS) Engineering

Job Description:

About the Company:

At AT&T, we’re connecting the world through the latest tech and top-of-the-line communication. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you’ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel, we are transforming all channels to digitally perform as one team to create a better customer experience. As we move into 2025, the digital transformation will revolutionize the digital space and you can build a career that will propel your future.

About the Job:

The Senior Specialist Cybersecurity in this role will be responsible for analyzing Breach and Attack Simulation (BAS) findings and associated logs, alerts, and events against enterprise security controls such as web application firewall, proxy, firewall, endpoint detection and response, and data loss prevention and recommending remediation activities and identifying control gaps.

The professional in this role will collaborate with senior analysts and security control owners to validate finding remediations and collaboratively design solutions to fill discovered security control gaps. This role will also have responsibility for developing new use cases for the breach and attack simulation program and deployment of simulators to cover those use cases.

Experience Level: 8+ years

Location: Hyderabad /  Bengaluru

Responsibilities Include:

The overall objectives and responsibilities for this position are to:

• Maintain, Update, schedule, and run breach and attack simulations
• Analyze and interpret breach and attack simulation results
• Identify security control shortfalls, validate log/alerting flows, and prioritize vulnerability remediation efforts by exposure and business criticality
• Stay current with emerging threats and work with vendor to ensure simulations exist for emerging threats
• Work with security control owners to guide breach and attack finding remediation and retest after remediation
• Make recommendations for security posture improvements based on analysis of breach and attack simulation trends
• Work with senior analysts and leadership to develop relevant BAS dashboards to represent program value
• Quantify risk reduction due to breach and attack simulation program
• Leverage APIs and automation techniques to integrate BAS with other security tools
• Maintain awareness of threat landscape to drive BAS scenarios and inform defense strategies

Required skills:

• Overall – At least 8+ years of cyber security experience, with a focus on breach and attack simulation or other offensive security discipline.
• Offensive security skills such as penetration testing or vulnerability assessment
• Cybersecurity fundamentals: Understanding and experience in application of security best practices and fundamentals as well as familiarity and hands on experience with common security controls such as firewalls, intrusion detection and prevention, web application firewall, endpoint security, data loss prevention, and web proxies.
• Networking fundamentals: Understanding and hands on experience with networking technologies such as network addressing, routing and routing protocols, and LAN technologies.
• Cloud fundamentals: Understanding of cloud fundamentals as well as hands on experience working within cloud environments as well as deploying cloud components
• Basic Systems: Familiarity with common operating systems such as Windows, MacOS and Linux and experience in basic administrative tasks such as OS native security controls, networking, and patch management
• Experience in security operations environment responding to alerts and incidents.
• Experience presenting security issues and business impact clearly.
• Ability to communicate security findings well in terms of risk
• Ability to communicate value of the program in terms of return on investment/business value
• Experience working in an environment where coordination with multiple teams is essential to success.
• Ability to prioritize individual/group work in a high-activity and time-bound environment.
• Flexible to provide coverage in US morning hours on a need-basis, and as required.
• Strong written, verbal and presentation skills

Desirable skills:

• Bachelor’s degree in computer science, information systems, cybersecurity or engineering disciplines or equivalent experience preferred
• Relevant certifications (e.g., OSCP, CISSP, SANS GIAC)
• System integration via API
• Systems automation using scripting and programming

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.