CenturyLink LEAD INFORMATION SECURITY ENGINEER in Broomfield, Colorado
CenturyLink (NYSE: CTL) is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at http://www.centurylink.com/ for more information.
The Lead Information Security Engineer is a member of the Information Security Governance and Risk team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. The engineer will work with project managers and developers to assess the security risks associated with new applications and products; provide security requirements; coordinate vulnerability assessments; and present an overall risk assessment for the project. The engineer supports all aspects of cloud security assessments and standards including containerization, microservices, DevOps, data center, and CASB projects. The engineer will elicit business requirements from multiple business stakeholders; convert business requirements to technical requirements and coordinate with project teams; and facilitate meetings with technical and business subject matter experts and recommend solutions to mitigate risks.
Assess potential risks with new products and services and provide security requirements and recommendations for risk mitigation.
Architect new information security systems and controls to mitigate emerging threats and risks across the company.
Consult as security subject matter expert with network architects, engineers, and others on security solutions.
Ensure reports and findings are delivered in a timely and appropriate manner to management, operations and executive leadership.
Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
Analyze requests for exceptions to the Information Security Policy, identify risk mitigation steps that should be taken, and make recommendations to the business for accepting the risks associated with exceptions.
Test potential security solutions to validate features and functions, partnering with other organizations in the resolution of interoperability issues to obtain successful integration of security solutions across all platforms.
Understand new laws and regulations and provide consultation, recommendations, and implementation advice to the organization. Make necessary adjustments to the Information Security Policy. Proactively identify higher risk areas of the corporate and carrier infrastructure for assessment.
Work with Product Development on new security-related product offerings and services for customers.
Assess operational business processes to identify opportunities to integrate security risk assessments for greatest impact.
Coordinate activities across multiple departments and business units.
Bachelor’s degree in Computer Science, Engineering, or related field, plus 8+ years of relevant experience.
Experience in performing security risk assessments and in application, system and network security.
Experience with technologies, tools and process controls to minimize risk and data exposure.
Experience in cloud security, data center, network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of security.
Must possess, or be willing to pursue, current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
Must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
Knowledge of information security industry and regulatory obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA, FedRAMP, HIPAA, NACHA, SSAE-16 and GDPR).
Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Perl, Python, or Java.
Knowledge of project management practices.
Experience in large Enterprise data centers and/or networks.
Alternate Location: US-Colorado-Broomfield
Requisition # : 210324
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.