Logo
T-Mobile

Sr Cybersecurity Engineer - Detection Engineering

T-Mobile, Bellevue, Washington, us, 98009


Be unstoppable with us! T-Mobile is synonymous with innovation-and you could be part of the team that disrupted an entire industry! We reinvented customer service, brought real 5G to the nation, and now we're shaping the future of technology in wireless and beyond. Our work is as exciting as it is rewarding, so consider the career opportunity below as your invitation to grow with us, make big things happen with us, above all, #BEYOU with us. Together, we won't stop! The Detection Engineering Sr. Engineer is responsible for continually improving T-Mobile's security detection capabilities while ensuring suspicious/malicious activity is identified quickly and accurately (protecting T-Mobile customers and employees). They will work with all teams within security operations to ensure that T-Mobile is protecting its customers and employees. They will work with multiple technologies and data sets to build security detection frameworks. (i.e. SIEM, EDR, Network Monitoring, etc.). The best candidate for the role should have a strong comprehension of detection techniques, tactics, and procedures while understanding the needs of an incident response team. This individual must be driven, work well with other people and have strong verbal and written communication skills Job Responsibilities Play a vital role in designing and building a comprehensive threat detection program Work with partners throughout security and engineering to develop and improve threat detection logic, enhance response capabilities, and deploy new tools Identify active threats to T-Mobile system environments including T-Mobile.com, corporate networks, third party services, and individual user endpoints Threat Modeling / Hunting Inform log ingestion requirements for threat detection use case development Research of new attack techniques in order to improve detection logic. Creating custom logic, detection rules, and alerts to identify suspicious patterns and activity. Security Detection Lifecycle Management (Maintain, tune, deprecate, etc.) Develop content to improve detective capabilities in Security tooling (SIEM, EDR, etc.) Work with IR teams to respond to security incidents promptly A champion for process, recommending tool, software development, or infrastructure changes to improve or enhance security Lead small to medium sized projects as advised (taking ownership while developing/driving a solution to its full value/completion) Develop and deliver metrics Participate in Cyber Incident Response Team rotation that may involve non-traditional working hours Education Bachelor's Degree Computer Science or Information Technology or equivalent experience Work Experience 4+ years' Experience in cybersecurity related field 3+ years of supporting/driving security related projects/tasks (taking ownership while driving a solution to its full value/completion) Authority (SME) in multiple security domains Experience with incident handling (investigating/supporting/assisting/etc) Experience Threat Modeling Experience with high level design architecture, security technologies, Networking, web services and SOA. Understanding of encryption, obfuscation, tokenization technologies Preferred Experience 2+ years of detection engineering experience 5+ years of cyber security operations experience SME level knowledge of a SIEM (Splunk, Azure Sentinel, QRadar, etc) 2+ years of experience w/cloud related technologies (Azure, AWS, GCP, etc.) Strong analytic and problem-solving skills Aim to identify known and unknown threats and attacks Programming/Scripting languages such as Python, etc. Knowledge, Skills and Abilities Knowledge of Machine Learning Concepts and Capabilities Proficiency in multiple Operating Systems (Ex. Linux, Windows, Mac, etc.) Familiarity with regular expressions and data normalization techniques Knowledge of Cy