Vulnerability Risk Lead - Applications Security

This position requires office presence of a minimum of 5 days per week and is only located in Dallas, Texas or Charlotte, North Carolina. No relocation is offered. AT&T will not hire any applicants for this position who require employer sponsorship now or in the future.

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future-you'll create it.

As a Technology Risk: Vulnerability Management & Application Security Domain Lead, you will be responsible for overseeing the end-to-end Technology Risk Management Lifecycle within the Vulnerability Management & Application Security domains, this pivotal role collaborates closely with the respective teams, with a particular emphasis on application security and infrastructure vulnerability management. You will be tasked with identifying and assessing risks in these areas, working with stakeholders to develop and implement effective controls, and ensuring the thorough execution of the issues management lifecycle. Additionally, you will provide strategic risk management guidance aimed at strengthening the organization's overall security posture. This is an Individual Contributor position with no direct reports.

What You Will Do:

• Identify, assess, and document controls and risks across Vulnerability Management & Application Security activities, maintaining a proactive approach to emerging threats and vulnerabilities.
• Continuously evaluate emerging AI security threats and proactively recommend mitigations and enhancements to existing controls.
• Drive efforts around Issues Management and Remediation in line with the Technology Risk Management program.
• Partner with and advise key stakeholders across technology, business, and risk partners to identify, assess, respond, and monitor key risks to keep AT&T and our customers safe and resilient.
• Support Tech Risk teams responsible for risk monitoring, periodic controls testing, evidence collection, remediation, and audit readiness efforts.

What You Will Bring:

• Preferred Bachelor's Degree in Information Systems, Engineering, Cyber Security, or a related field.
• 5+ years of work experience in technology, operational risk management, or a related discipline at a global company.
• Significant (5-7 years) experience in multiple industry risk, control, and governance disciplines (e.g., Audit, Information Security, Regulatory Compliance).
• Proven experience in vulnerability management and application security, including identifying, assessing, prioritizing, and remediating vulnerabilities in complex environments
• Strong understanding of AI-specific threats (e.g., adversarial attacks, model theft, data poisoning) and practical experience in mitigating these risks within enterprise environments.
• Strong experience in Information security risk and cybersecurity control capabilities with extensive knowledge of information and technology risk management policies, methods, standards, tools, and processes (e.g., ISO, COSO, COBIT, NIST) as well as knowledge of compliance, legal, internal/external audit, and regulatory requirements.
• Experience identifying, tracking, monitoring, and remediating critical non-compliance issues throughout the issue management lifecycle.
• Strong client relationship management experience, communication, and influencing skills.
• Strong interpersonal and oral/written communication skills, able to build relationships with people at all levels.

This position requires office presence of a minimum of 5 days per week and is only located in Dallas, Texas or Charlotte, North Carolina. No relocation is offered. AT&T will not hire any applicants for this position who require employer sponsorship now or in the future.

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future-you'll create it.

As a Technology Risk: Vulnerability Management & Application Security Domain Lead, you will be responsible for overseeing the end-to-end Technology Risk Management Lifecycle within the Vulnerability Management & Application Security domains, this pivotal role collaborates closely with the respective teams, with a particular emphasis on application security and infrastructure vulnerability management. You will be tasked with identifying and assessing risks in these areas, working with stakeholders to develop and implement effective controls, and ensuring the thorough execution of the issues management lifecycle. Additionally, you will provide strategic risk management guidance aimed at strengthening the organization's overall security posture. This is an Individual Contributor position with no direct reports.

What You Will Do:

• Identify, assess, and document controls and risks across Vulnerability Management & Application Security activities, maintaining a proactive approach to emerging threats and vulnerabilities.
• Continuously evaluate emerging AI security threats and proactively recommend mitigations and enhancements to existing controls.
• Drive efforts around Issues Management and Remediation in line with the Technology Risk Management program.
• Partner with and advise key stakeholders across technology, business, and risk partners to identify, assess, respond, and monitor key risks to keep AT&T and our customers safe and resilient.
• Support Tech Risk teams responsible for risk monitoring, periodic controls testing, evidence collection, remediation, and audit readiness efforts.

What You Will Bring:

• Preferred Bachelor's Degree in Information Systems, Engineering, Cyber Security, or a related field.
• 5+ years of work experience in technology, operational risk management, or a related discipline at a global company.
• Significant (5-7 years) experience in multiple industry risk, control, and governance disciplines (e.g., Audit, Information Security, Regulatory Compliance).
• Proven experience in vulnerability management and application security, including identifying, assessing, prioritizing, and remediating vulnerabilities in complex environments
• Strong understanding of AI-specific threats (e.g., adversarial attacks, model theft, data poisoning) and practical experience in mitigating these risks within enterprise environments.
• Strong experience in Information security risk and cybersecurity control capabilities with extensive knowledge of information and technology risk management policies, methods, standards, tools, and processes (e.g., ISO, COSO, COBIT, NIST) as well as knowledge of compliance, legal, internal/external audit, and regulatory requirements.
• Experience identifying, tracking, monitoring, and remediating critical non-compliance issues throughout the issue management lifecycle.
• Strong client relationship management experience, communication, and influencing skills.
• Strong interpersonal and oral/written communication skills, able to build relationships with people at all levels.

• 

• Government Careers