CenturyLink Security Engineer in Denver, Colorado

About CenturyLink

CenturyLink at http://www.centurylink.com (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

Job Summary

CenturyLink is seeking an IT Systems Engineer III (Security Engineer) with demonstrated critical thinking and problem solving skills to design, document, assess, and continuously monitor multiple accredited and unaccredited systems/enclaves. This position will be responsible for systems in support of CenturyLink’s Government and commercial Managed Security Services platforms addressing .gov and critical infrastructure protection missions.

Job Description

  • Using FIPS 199 and NIST SP 800-60 conduct the engineering and documentation of information systems and product/services.

  • Develop, implement, review and evaluate System Security Plans, Interconnection Security Agreements, Risk Assessments, Plan of Actions and Milestones (POAM), System Requirements Traceability Matrix (SRTM), Security Assessment Reports, Contingency Plans as well as other required documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures.

  • Conduct stakeholder and third-party engagement, governance, and incorporation of Government requirements into overall system and service planning.

  • Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.

  • Support a governance process for managing the program systems including the integration of remediation activities into planning, programming, budgeting and execution processes.

  • Coordinate remediation approach and reporting POA&M status and proposed mitigation strategies.

  • Identify problems with security processes and recommends/implements solutions to resolve or improve processes.

  • Manage Information Security Audits by federal departments/agencies, including third party auditors.

  • Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures.

  • Run automated security compliance tools, validate results and support the remediation of compliance and vulnerability findings.

  • Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, metadata tools, audit reduction tools, firewalls, various operating systems, etc.

Qualifications

  • Bachelor’s Degree or equivalent experience.

  • Required: 5-10 Years of experience with NIST, RMF, FISMA-related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.

  • Required: Experience/expertise in risk and risk scoring under NIST RMF, Cybersecurity Framework and FISMA reporting criteria.

  • Required: Top Secret Security clearance.

  • Preferred: CISSP certification or equivalent (e.g. CISA, CISM, etc).

  • Knowledge and experience with performing information system continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect for meeting the security requirements.

  • Knowledge and experience in writing security policies, procedures, guidance, standards and instructional materials.

  • Experience analyzing and documenting security control deficiencies and system vulnerabilities.

  • Strong analytical skills and process-oriented.

  • Demonstrate excellent verbal and written skills.

  • Ability to take guidance and-work independently-to complete tasks.

Education

Alternate Location: US-Colorado-Denver

Requisition # : 194439

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/

This position is part of a bargaining unit and represented by a union. Depending upon the applicable collective bargaining agreement under which you may be hired, you may be: (a) required to join the union and pay union dues as a condition of employment; or, (b) required to pay union dues, but not join the union as a condition of employment; or (c) free to chose whether or not to join the union, but if you do join the union you would be obligated to pay union dues.

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, creed, veteran status, disability, medical condition, genetic characteristic or information, age, sex, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.