Job Description :
Title: Cybersecurity Analyst: Telecom Interdependency Mapping and Threat Modeling
Location: Bellevue and Snoqualmie campuses
Duration: 6 to 12 Months

Overview: Do you have a passion for cybersecurity? Are you knowledgeable in mobile networking (3G, 4G, 5G) technologies? Are you intrigued with network communications? Do you enjoy investigating how systems communicate with each other, the interdependencies between systems and mapping out the critical communication flows? Then we have an opportunity for you to join our team of expert cybersecurity analysts and engineers who help secure T-Mobile’s critical telecommunications and business infrastructures.

We are looking for an experienced cybersecurity analyst to partner with internal T-Mobile Telecommunications Operations and Engineering teams and our 3rd party partners to analyze the systems interdependencies and communication flows and build interdependency diagrams/maps and threat models to identify potential vulnerabilities and threats to our unique telecommunications environment.

Responsibilities
Partner with telecommunications operations and Engineering teams and cybersecurity analysts and cybersecurity engineers to analyze the critical telecommunications and business infrastructures
Analyze and document the physical and logical interdependencies between the infrastructure environments consisting of compute components (processors, RAM, etc, storage (SAN, NAS, etc, internetworking components (routers, switches, firewalls, etc, wireless/mobile networking components (Public Switched Telephone Network (PSTN), Mobile Switching Center (MSC), Base Station (BS), Radio Access Network (RAN), etc, software (operating systems, applications, databases and operational protocols.
Build diagrams depicting the environments, physical and logical boundaries, logical data flows, intersystem call flows, communications and operational protocols, trusted and untrusted zones, operational, administrative and maintenance interconnections, etc.
Analyze the key cybersecurity domains and controls of the environments (access management, data protection, logs capture, firewall rules, internal and external network access and visibility, etc to determine alignment with T-Mobile security policies and to identify potential security weaknesses.
Apply fundamental threat modeling techniques and integrate threat intelligence resources to analyze the environments and identify and document threats and vulnerabilities.
Partner with engineering and operations teams and cybersecurity analysts and cybersecurity engineers.

Required Qualifications:
Extensive knowledge and hands-on experience in the implementation and operations of computing, storage, internetworking technologies and wireless/mobile technologies.
In-depth knowledge of cybersecurity domains as defined in the CISSP Body of Knowledge (BOK)
Multi-year experience conducting threat modeling, interdependency modeling and threat analysis in a large-scale computing/networking environment (e.g. large enterprise, cloud computing, wireless/mobile operator environments)
In-depth working knowledge and experience using multiple threat modeling and threat rating techniques (STRIDE, DREAD, P.A.S.T.A., Trike, VAST, etc
Working knowledge of threat modeling tools (e.g. Microsoft Threat Modeling Tool, MyAppSecurity, Threat Dragon, IriusRisk, etc
Experience researching and utilizing open source, government and commercial threat intelligence resources
Highly proficient in the use of diagramming (CAD) software including MS-Visio, Mind Mapping tools, MS-PowerPoint, MS-Excel, etc.
Ability to develop partnerships across T-Mobile teams to gain consensus and support for the interdependency mapping and threat modeling initiatives
Excellent communication and interpersonal skills
Exceptional report writing and presentation skills
Highly self-motivated and directed
Analytical thinker with excellent attention to detail
Maintain unquestionable standard of integrity and confidentiality
Keen learner with a commitment to presenting high quality deliverables within agreed timescales
Previous leadership experience is a plus.
Knowledge of security controls, federal and compliance regulations (e.g. NIST, CIS, SOX, PCI & CPNI) is a plus.