Responsibilities:
• Partner with telecommunications operations and Engineering teams and cybersecurity analysts and cybersecurity engineers to analyze the critical telecommunications and business infrastructures
• Analyze and document the physical and logical interdependencies between the infrastructure environments consisting of compute components (processors, RAM, etc.), storage (SAN, NAS, etc.), internetworking components (routers, switches, firewalls, etc.), wireless/mobile networking components (Public Switched Telephone Network (PSTN), Mobile Switching Center (MSC), Base Station (BS), Radio Access Network (RAN), etc.), software (operating systems, applications, databases.) and operational protocols.
• Build diagrams depicting the environments, physical and logical boundaries, logical data flows, intersystem call flows, communications and operational protocols, trusted and untrusted zones, operational, administrative and maintenance interconnections, etc.
• Analyze the key cybersecurity domains and controls of the environments (access management, data protection, logs capture, firewall rules, internal and external network access and visibility, etc.) to determine alignment with Telecommunication security policies and to identify potential security weaknesses.
• Apply fundamental threat modeling techniques and integrate threat intelligence resources to analyze the environments and identify and document threats and vulnerabilities.
• Partner with engineering and operations teams and cybersecurity analysts and cybersecurity engineers.
• Develop assessment reports and review the findings with relevant teams across Telecommunication

Required Qualifications:
Qualifications

• Extensive knowledge and hands-on experience in the implementation and operations of computing, storage, internetworking technologies and wireless/mobile technologies.
• In-depth knowledge of cybersecurity domains as defined in the CISSP Body of Knowledge (BOK)
• Multi-year experience conducting threat modeling, interdependency modeling and threat analysis in a large-scale computing/networking environment (e.g. large enterprise, cloud computing, wireless/mobile operator environments)
• In-depth working knowledge and experience using multiple threat modeling and threat rating techniques (STRIDE, DREAD, P.A.S.T.A., Trike, VAST, etc.)
• Working knowledge of threat modeling tools (e.g. Microsoft Threat Modeling Tool, MyAppSecurity, Threat Dragon, IriusRisk, etc.)
• Experience researching and utilizing open source, government and commercial threat intelligence resources
• Highly proficient in the use of diagramming (CAD) software including MS-Visio, Mind Mapping tools, MS-PowerPoint, MS-Excel, etc.
• Ability to develop partnerships across Telecommunication teams to gain consensus and support for the interdependency mapping and threat modeling initiatives
• Excellent communication and interpersonal skills
• Exceptional report writing and presentation skills
• Highly self-motivated and directed
• Analytical thinker with excellent attention to detail
• Maintain unquestionable standard of integrity and confidentiality
• Keen learner with a commitment to presenting high quality deliverables within agreed timescales
• Previous leadership experience is a plus.
• Knowledge of security controls, federal and compliance regulations (e.g. NIST, CIS, SOX, PCI & CPNI) is a plus.

Education:
Minimum Required

• Bachelor Degree in Computer Science, Information Technology or related area of study.
• Certifications combined with relevant work experience may be substituted for education requirements.

License or Certification:
• CISSP and/or CISA/CISM certification a plus

Location:
• Shared time between Telecommunication Bellevue and Snoqualmie campuses
×