AT&T
Principal Cybersecurity – Endpoint Security Platform Engineer (Tanium + Endpoint Security Platforms + AI-Driven Operations)
About AT&T
AT&T Inc. is a multinational telecommunications holding company based in Dallas, founded in 1876. It evolved from the Bell Telephone Company and became a leading provider of voice, data, and entertainment services in the U.S. and globally. The company has a rich history, including the establishment of the first long-distance network and significant milestones like transatlantic service in 1927. Today, AT&T is a leader in telecommunications, technology, and entertainment, offering a variety of services such as wireless connectivity, high-speed internet, local and long-distance phone services, and pay-TV. Its product lineup includes wireless plans under the AT&T Mobility brand, DIRECTV satellite TV, and AT&T Fiber internet. The company focuses on innovation in areas like 5G and IP networks, continuing to build on its extensive legacy in telecommunications. AT&T serves a wide range of consumer and business markets, including government and enterprise clients.
Security at AT&T
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
Stated AppSec Mission:
- "We defend the AT&T network with a multi-layered approach" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Developer Enablement vs. Gatekeeping:
- "Developers can now use our AI chatbot to more easily implement security policies" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Risk Philosophy:
- "We assess, identify and manage risks from cybersecurity threats" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Stated Pain Points or Goals (Verbatim):
- "We significantly increased our rates of device and database scanning" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
- "We began to use Artificial Intelligence to enable our developers and workforce" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Gaps & Contradictions:
- Information not publicly available: any explicit public statement framing AppSec as "developer-first" vs "gatekeeping" beyond the AI chatbot enabling quote. (Evidence: see collection log.)
Security Team
Section 2: The AppSec Team: People & Structure ("The Team")
Org Structure & Reporting Line:
- "The program encompasses the Chief Security Office (CSO)" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
- "The CISO plays the key management role in assessing and managing our material risks" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Key Public-Facing Leaders (top 1-3):
- Rich Baich, Senior Vice President & Chief Information Security Officer – LinkedIn: https://www.linkedin.com/in/richbaich
  Key Quote: "spent more than 16,000 hours completing AI training and labs" – Fortune (https://fortune.com/2025/12/19/at-t-executive-manifested-his-chief-information-security-officer-job/), News Article
Team Size Estimate (as_of:):
- "AT&T maintains a comprehensive global security organization comprised of over 1100 security professionals." – AT&T Information & Network Security Customer Reference Guide (https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf) ⚠️, Corporate PDF
- Note: explicit AppSec-only headcount not publicly available.
- LinkedIn Search Query Used: "site:linkedin.com "AT&T" "application security" OR "AppSec" OR "Application Security Engineer"" (geo: United States, roles: Security/Application Security)
- Result: Information not publicly available for a precise AppSec headcount. LinkedIn-derived estimate unavailable due to access/limitations.
Active AppSec Job Postings (as_of:):
- Count: 1 (evidence of at least one active posting)
- Lead Cybersecurity - Application Security DevSecOps Engineer – Job ID on AT&T jobs site (https://www.att.jobs/job/middletown/lead-cybersecurity-application-security-devsecops-engineer/117/88306173664) ⚠️, Job Posting
Common Skill/Tool Patterns (verbatim from postings):
- "Lead the implementation, configuration, and optimization of DAST tools" – AT&T Job Posting (Job ID R-81508) ⚠️, Job Posting
- "Experience integrating DAST tools (e.g., Burp Suite, IBM AppScan, Netsparker, Acunetix)" – AT&T Job Posting (Job ID R-81508) ⚠️, Job Posting
- "Knowledge of complementary security testing approaches such as Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST)" – AT&T Job Posting (Job ID R-81508) ⚠️, Job Posting
- "including Java, Python, Bash/Shell Scripting, PHP, Javascript" – AT&T Job Posting (Job ID R-81508) ⚠️, Job Posting
Gaps & Contradictions:
- Current AppSec org chart and AppSec-specific reporting line (e.g., whether AppSec reports into CSO centrally or is embedded) not publicly available at the AppSec-team level.
Key Initiatives
Section 3: AppSec Initiatives & Workflows ("The Initiatives")
Security Champions Program:
- Status: No Evidence Found. Information not publicly available.
"Shift Left" in Practice:
- "Developers can now use our AI chatbot to more easily implement security policies" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
- Note: No public verbatim description of pre-commit/IDE plugin rollout, but the AI chatbot statement indicates developer-facing enablement.
Vulnerability Management Process (Intake / Triage / Remediation):
- Intake: "This includes ... a Bug Bounty program" – AT&T Information & Network Security Customer Reference Guide (https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf) ⚠️, Corporate PDF
- Intake: "vulnerability scans are conducted on networks, computer hosts and applications" – AT&T Information & Network Security Customer Reference Guide (https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf) ⚠️, Corporate PDF
- Triage/Remediation: "Each security advisory is reviewed, evaluated, assigned a severity rating" – AT&T Information & Network Security Customer Reference Guide (https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf) ⚠️, Corporate PDF
- Triage/Remediation: "The security teams work with application and system owners to remediate those vulnerabilities" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
- Note: No public, verbatim SLAs (e.g., MTTR or days-to-remediate) for application vulnerabilities were found.
Secure SDLC Artifacts:
- "Policy and Requirements for Application Development and Sustainment" – AT&T Information & Network Security Customer Reference Guide (https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf) ⚠️, Corporate PDF
- "threat modeling" is listed among mechanisms used for risk assessment – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Recent Initiatives (Last 6 Months):
- Evidence Found: "We began to use Artificial Intelligence to enable our developers and workforce" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
- Evidence Found: "started analyzing company applications to identify risk impacts from quantum computing enabled cryptography attacks" – AT&T Sustainability: Cybersecurity (https://sustainability.att.com/priority-topics/cybersecurity), Company Site
Gaps & Contradictions:
- No public, recent (last 6 months) AppSec-specific program announcements (e.g., new SAST or secrets-detection rollouts) were found.