
Telecom Security Expert (R&D/GRC/SOC)
Subject expert in telecom security domain with deep knowledge of telecom network architecture and operations. Perform security architecture assessment, vulnerability assessment and penetration testing, telecom application security assessment, threat use case development & automation for telecom networks.
Main Responsibility Areas:
- Subject matter expert in telecom security
- Telecom security architecture assessment
- Telecom protocols & application security
- Threat use case development and automation
- Security process design & improvemen
Key Tasks:
- Perform telecom security architecture assessment for 2G/3G/4G/5G networks
- Perform vulnerability assessment and penetration testing of telecom protocols, application and network elements
- Perform impact/risk assessments, prepare vulnerability assessment reports and provide remediation strategies/solutions for telecom
- Execute and maintain network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all Security Governance, Risk & Compliance Management Services.
- Support in preparing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each application, system, and network.
- Implement plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Key Competencies:
- Knowledge of telecom network architectures including 4G & 5G
- Deep understanding of telecom operation and protocols such as SIP, RTP, GTP, SS7, Diameter, TCP, HTTP2
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Advance user of Linux operating system with the ability to build packages from source code
- Skilled in scripting languages such as Python
- Skilled in Vulnerability Management, Penetration Testing principles, Secure configuration and Application Security tools, and techniques.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITU.Tx.805 ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Knowledge and understanding of relevant legal and regulatory requirements e.g. Country specific telecom security conditions, CII (Critical Information Infrastructure) regulations etc.
Experience & Certification:
- 8 to 15 years of total experience
- Minimum 5 years of recent and relevant experience
- Security Certifications (Active certification preferred)
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- CompTIA PenTest+
- Degree in computer, electrical, software, or systems engineering, graduate degree preferred