Seeking Active QSA’s immediately – Yes we ROC!
AT&T Security Solutions is a division of AT&T (a Fortune Global Top 10 company).
AT&T is looking for an information security practitioner with technical experience for the position of a Senior Consultant to be a part of a dynamic team of experienced security professionals with
varied experiences. Candidate must be skilled in Secure Infrastructure Services such as network
penetration testing, device configuration review, and secure architecture reviews. AT&T Security
Consulting clients range from some of the largest companies in the world to small businesses requiring
security consulting expertise.
Key functions of this role will be to work on security and privacy consulting engagements for our
customers. Successful candidates will have demonstrated experience in security consulting and will
have an understanding of the business-technology interface; they will be able to understand business
environments/issues and have the ability to link them to technology at a high level. Experience with
network penetration testing is required. Technical security knowledge and experience with compliance
assessments such as PCI-DSS and ISO 27002 will be given preference.
• Bachelors degree in Computer Science or related fields, Masters Degree preferred
• A minimum of four years of Information Security consulting experience required
• Very good understanding of security operation & management in a large customer environment
• Must be a flexible team player, hard-working, and posses excellent communication and customer-
• Must be self-directed, able to manage solo projects or participate as part of a larger team
• Strong report writing skills and ability to explain complex security issues to customers in a formal
presentation format required
• Creativity in finding cost-effective remediation solutions acceptable to our clients
• Must be able to interact confidently with all levels of technical and management client teams
• One Security certification such as CISSP, CISA, CISM, PCI QSA, CEH, SANS GSEC, etc., is required and
willingness to pursue further certification preferred.
• Ability to travel, mostly within region, must possess drivers’ license
• Knowledge and experience with risk and compliance projects dealing with a variety of regulatory
and voluntary compliance standards such as: PCI-DSS, ISO 27000 series, federal and state security
and privacy regulations, HIPAA/HITECH, HiTrust, GLBA, SOX 404,etc. preferred
• Strong technical problem / resolution skills required
• Knowledge and experience with technical network and host-based security required.
• Mid to advanced level infrastructure or security design capabilities for environments that include 10
to 20 security devices, processes or applications.
• Mid to advanced level systems administration (UNIX/Linux, Windows, or mainframe)
• Knowledge with different application architectures and platforms, their development challenges,
their control configurations, and their inherent security strengths and weaknesses (e.g., ColdFusion,
J2EE, .Net) preferred
• Mid to advanced level network administration (firewalls, IDS/IPS, network architecture)
• Mid to advanced level knowledge of Penetration testing (network, system and application) required
• Mid to advanced level knowledge of one or more of the following preferred:
o Vulnerability scanning
o Application development
o Policy development
o Security event monitoring
• Vendor certification or demonstrable in-depth technical expertise with at least three major security
o Examples Only: Symantec, McAfee, VeriSign, Juniper, Checkpoint, Cisco, Arcsite, Tripwire,
o Demonstrable experience includes being able to gather customer requirements, design a
solution, specify a build of materials, implement, tune/optimize, maintain or troubleshoot at
an architecture component level for an existing solution
• Knowledge and experience with risk and compliance assessments
• Familiar with retail information security challenges a plus
• Bi-lingual candidates a plus