This Manager, Cybersecurity leads the T-Mobile USA (TMUS) Vulnerability Management, Scanning Infrastructure, Platform Engineering & Operations function within the Vulnerability Management organization, and reports to the Senior Manager, Vulnerability Management. In this role, you will oversee a 24x7 function and team comprised of full-time employee individual contributors, managed services, and external partners. The functions you will lead include operating and maintaining T-Mobile's vulnerability scanning infrastructure, as well as coordinating vulnerability response and remediation tasks with partner and vendor teams.
What you'll do in your role.
As T-Mobile's Vulnerability Scanning leader, you will:
- Build and mentor high performing team with a passion for creating positive culture founded on integrity and equity
- Develop and implement the TMUS Vulnerability Management vision, strategy, road map, and operations playbooks in partnership with appropriate teams across technology and business units
- Serve as the escalation point and executive liaison for major or high-profile vulnerability prevention and remediation, including validation of likelihood/impact, coordinating plans, facilitating information sharing, and reporting
- Provide timely and relevant updates to appropriate leaders and decision makers
- Manage third party contracts and engagements
- Establish meaningful measures and metrics for team performance and SLAs/OLAs
- Apply demonstrated practical and management experience to optimization of processes and tools for vulnerability scanning and vulnerability remediation services
- Facilitate operational decisions to mobilize staff to triage and facilitate remediation of discovered vulnerabilities
The experience you'll bring.
- A deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies in global enterprise environments
- An ability to communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily-understood, authoritative, and actionable manner
- Strong organizational skills with ability to handle multiple high visibility issues simultaneously
- Extremely organized, with strong project and resources capacity management experience
- Federal and industry regulations understanding (e.g. PCI, SOX, CPNI, ISO)
- Fluent in common cybersecurity domains such as data protection, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence, risk assessments
- Detail oriented, results driven, fast learner
- 5+ years in large enterprise Cyber Security Operations, with understanding of security fundamentals and common vulnerability frameworks, leading practices, and practical experience leading similar programs
- 5+ years of technical experience, preferably with broad exposure to technologies related to wireless services, networking, and application development
- 2+ years managing a team of full-time direct reports, responsible for your team's employee development, performance evaluations and coaching
- Experience implementing and operating vulnerability scanning tools (Tenable, Qualys, etc.)
- Experience with large scale and complex security threats of various types, such as Advanced Persistent Threats, DDoS, insider, web and mobile applications, data ex-filtration etc.
- BA/BS in Engineering, Computer Science, Information Security, or Information Systems
- Knowledge of Mitre ATT&CK and the cyber kill chain frameworks
- Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
- Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- CISSP, CISM certifications or equivalent