Job Information
T-Mobile USA, Inc Sr Engineers, Cybersecurity in Bellevue, Washington
At T-Mobile, we invest in YOU! Our Total Rewards Package ensures that employees get the same big love we give our customers. All team members receive a competitive base salary and compensation package - this is Total Rewards. Employees enjoy multiple wealth-building opportunities through our annual stock grant, employee stock purchase plan, 401(k), and access to free, year-round money coaches. That's how we're UNSTOPPABLE for our employees!

Position summary
T-Mobile is America's supercharged Un-carrier, delivering an advanced 4G LTE and transformative nationwide 5G network that will offer reliable connectivity for all. Senior Engineers, Cybersecurity located in Bellevue, WA will protect our network and ensure the security of our customers' information.

Position duties and responsibilities include, but are not limited to:
- Monitor T-Mobile's network and systems for security events and incidents, utilizing cutting-edge tools and technologies.
- Conduct thorough analysis of security alerts to identify potential threats and assess their impact on our operations.
- Develop and execute incident response plans, working swiftly to contain and mitigate cybersecurity incidents.
- Partner with internal teams and external stakeholders to investigate security breaches and implement effective remediation strategies.
- Communicate regularly with leadership and other stakeholders to provide updates on incident response efforts and recommend proactive measures for risk mitigation.
- Document incident findings, analysis, and response actions in accordance with T-Mobile's policies and regulatory requirements.
- Contribute to the enhancement of T-Mobile's incident detection and response capabilities through continuous improvement initiatives and knowledge sharing.
- Work tickets and escalations, and respond to queries from a dedicated mailbox.

This is a full-time role that operates on a continuous shift model. Working shifts will vary and will include mornings, nights, and weekends.
Telecommuting is permitted, but applicants must live within a reasonable commuting distance. No additional national or international travel is anticipated.

Skill requirements:
(1) Performing analysis of log files from a variety of sources, including endpoint logs, network traffic logs, firewall logs, anti-virus logs, cloud tool logs, and intrusion prevention logs.
(2) Conducting investigations of malicious activity across networks and assets using security tools and technologies including ArcSight, Splunk, Symantec, and Check Point, and completing triage and in-depth log analysis to secure environments and remediate any issues.
(3) Triaging phishing/malware emails and performing the necessary containment steps to protect enterprise assets and email accounts using the Microsoft O365 tool.
(4) Utilizing deep knowledge and understanding of SIEM technologies, including Splunk, for real-time detection of and response to potential cyber security alerts across the enterprise, and building Splunk dashboards to provide a detailed view of the threats the enterprise has faced over time.
(5) Demonstrating in-depth knowledge and understanding of the MITRE ATT&CK framework tactics and techniques used by adversaries in different phases of an attack, such as Reconnaissance, Persistence, and Lateral Movement, in order to detect potentially malicious activity in an enterprise.
(6) Authoring, updating, and peer-reviewing knowledge base articles for Security Operations Center (SOC) processes and for security tools including firewall, anti-virus, and security management tools.

Experience and education requirements:
PRIMARY REQUIREMENTS: Master's degree in Information Systems Technologies, Cyber Security, or related, and 1 year of relevant work experience.
ALTERNATIVE REQUIREMENTS: Bachelor's degree in Information Sys