Sr Analyst, Enterprise Info Security

As America’s Un-carrier, T-Mobile US, Inc. (NYSE: TMUS) is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The company’s advanced nationwide 4G and 4G LTE network delivers outstanding wireless experiences for customers who are unwilling to compromise on quality and value. Based in Bellevue, Wash., T-Mobile US operates its flagship brands, T-Mobile and MetroPCS. It currently serves approximately 58 million wireless subscribers and provides products and services through 70,000 points of distribution.T-Mobile’s PCI Security Analyst will own the processes to validate the coverage and configuration of the core security solutions required by the PCI DSS

This position will advise on proposed security tool and process changes that could impact PCI DSS compliance, determine and monitor the scope and scale of security testing and tools that support PCI DSS compliance, ensure that security and technology teams have prepared appropriate evidence for the annual PCI DSS assessment, and monitor the progress of any follow-up activities for the following areas:

  • Penetration Testing
  • Vulnerability Scanning
  • Anti-virus and Malware
  • Application Code Scanning
  • Configuration Management
  • File Integrity Monitoring
  • Multi-Factor Authentication
  • Encryption and Key Management


  • 5-10 years IT security orIT security infrastructure experience
  • Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
  • Intermediate knowledge of three or more of the following technical areas: network segmentation, encryption and key management, tokenization, anti-virus and malware, secure system development, vulnerability management, penetration testing, and file integrity monitoring
  • Able to scope, interpret, and prioritize both application and network vulnerability test results
  • Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
  • Ability to identify problems, analyze data and present conclusions effectively
  • Experience with penetration testing or vulnerability management preferred
  • Strong verbal, written and presentations skills
  • Industry Certifications (PCI QSA/ISA/PCIP or CISSP/CISM/CRISC/CEH) preferred

In this position you will take lead on:

  • Supporting the completion of the annual PCI DSS Report on Compliance
  • Managing and communicating key compliance milestones for critical systems and complex processes
  • Working with security operations, application support, and architecture teams to ensure the PCI DSS compliance of complex branded payment acceptance and payment card servicing processes
  • Scoping both application and network vulnerability tests and penetration tests
  • Interpreting and prioritizing both application and network vulnerability test and penetration test results
  • Driving necessary system and process updates based on testing and assessment results
  • Facilitating interaction between technology teams and T-Mobile’s PCI DSS Qualified Security Assessor (QSA)
  • Working closely with cross-functional teams and developing strong liaison relationships
  • Staying current with new and evolving security topics and technologies via formal training and self-directed education
  • Willingly share knowledge and experiences with less experienced staff to help grow the team through training and mentoring

We Take Equal Opportunity Seriously – By Choice

T-Mobile USA, Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age, race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, marital status, veteran status, the presence of any physical or mental disability, or any other status or characteristic protected by federal, state, or local law. Discrimination or harassment based upon any of these factors is wholly inconsistent with our Company values and will not be tolerated. Furthermore, such discrimination or harassment may violate federal, state, or local law.

Back to top