CenturyLink Diversity and Inclusion

Search Jobs

Job Information

CenturyLink Senior Information Security Engineer - Federal in HERNDON, Virginia

About CenturyLink

CenturyLink (NYSE: CTL) at http://www.centurylink.com/ is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

Job Summary

The Senior Engineer- Federal is a member of the Technical Analysis and Integration team who will be responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with program policy, standards, procedures and industry best practices. The engineer will assist with the development and implementation of the security program to assess and manage application security risk. The engineer will engage with both internal and external parties to include the program ISSO. The engineer will draft and recommend appropriate security procedures and methods according to established standards, assess systems and applications within the program environment for cybersecurity risks and vulnerabilities, design and test controls in a lab environment to protect information and network assets, and assess and manage application security risk in conjunction with our Program Customer of Interest. Additionally, the Senior Engineer will provide guidance, training, and assistance to junior engineers and technicians as well as peers on the Technical Analysis and Integration Team.

The successful candidate will have broad technical knowledge of current and emerging cyber threats, security technologies and methods used to protect both program and customer-facing applications using agile cybersecurity approaches. Skill in rapidly understanding new applications, systems, and platforms; and developing appropriate security controls beyond existing compliance standards is also required.

This candidate must be able to work independently and as a team leader to develop and execute strategies and consult with internal business units on advanced application and data security topics. In addition, the candidate must possess excellent oral and written communications skills and experience in presenting technical issues to a wide variety of audiences. The candidate must also have a proven analytical background in order to analyze, test, and report with detailed documentation through lab scenarios and case studies within a lab environment prior to implementation.

Job Description

  • Work with the program ISSO to fully understand security posture and requirements.

  • Advise the Engineering team of the security direction for systems, applications, application development, user services, and vendor development efforts.

  • Develop relationships and engage with industry partners, Security Information Exchanges, and other groups to assess industry advances in technical security technologies.

  • Assess security industry trends and provide consultation, recommendations, and implementation advice on emerging technologies.

  • Test potential security solutions to validate features and functions, partnering with other organizations in the resolution of interoperability issues to obtain successful integration of security solutions across all platforms.

  • Consult with senior management and internal clients across multiple business units on complex security topics and policy interpretation.

  • Proactively identify potential security issues within the corporate and carrier infrastructure and provide strategic direction to avoid risks to CenturyLink information assets.

  • Ensure reports and findings are delivered in a timely and appropriate manner to management, operations, and executive leadership.

Essentials Duties

  • Understand new laws and regulations and provide consultation, recommendations, and implementation advice to the organization. Make necessary adjustments to the Information Security Policy.

  • Assess potential risks with new products and services and provide security requirements and recommendations for risk mitigation.

  • Architect new information security systems and controls to mitigate emerging threats and risks across the Program Network.

  • Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.

  • Analyze requests for exceptions to the Information Security Policy, identify risk mitigation steps that should be taken, and make recommendations to the business for accepting the risks associated with exceptions.

Qualifications

  • Undergraduate degree in computer science, engineering, or related field, or equivalent experience.

  • Experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security.

  • Excellent oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff.

  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, CEH, GCIH, GISEC, CISM or CISA.

  • Experience with technologies, tools and process controls to minimize risk and data exposure.

  • Strong understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.

  • Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.

  • Solid understanding of information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.

  • Analytical and problem solving skills related to networking, operating systems, and malware analysis.

  • Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.

Preferred Skills

  • 4+ years of experience in performing security risk assessments and application, system and network security.

  • Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of security.

  • Understanding of the following tools: SIEM, IDS / IPS, host based Anti-Virus, or similar products.

  • Experience in network monitoring tools to monitor attacks/threats and doing the initial triage of findings.

  • Microsoft or UNIX (including Linux or other UNIX derivatives) MAC operating system administration/support experience.

  • Experience with computer security, incident response, or computer forensics.

  • Experience with technologies, tools and process controls to minimize risk and data exposure.

  • Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java a plus.

  • Experience in large enterprise or carrier data centers and/or networks.

Clearance

  • Active TS/SCI is required.

Alternate Location: US-Virginia-Herndon

Requisition # : 216419

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.

DirectEmployers