CenturyLink Lead Information Security Engineer - Federal Practice in Herndon, Virginia
CenturyLink (NYSE:CTL) is a premier network solutions provider and trusted partner to our customers. As part of our recent acquisition of Level 3 Communications, our portfolio has expanded. More customers. More network. More locations. More opportunities for you. With a global presence in 60 countries, service to more than 350 metro areas domestically, and more than 200,000 miles of fiber, CenturyLink is going places. At CenturyLink, we believe in growth and innovation, for our customers and our employees. Discover how CenturyLink can expand your potential and take your career to new places if you’re looking to join a company that celebrates diversity and creativity, with industry-leading benefits and commitment to employee advancement. We’re committed to bringing great talent to our team to help us change the world. One network connection at a time.
We are in the process of filling open positions for the combined company following CenturyLink’s acquisition of Level 3 Communications. All qualified candidates who express interest by submitting an application to an open posting will be considered. However, based on business needs, preference may be given to internal applicants on certain positions. We still welcome, and encourage, all application submissions while we continue our integration process. Internal applicants are current, active CenturyLink employees, including Level 3 employees who have transitioned to CenturyLink as part of the acquisition.
The Lead Information Security Engineer is a member of the Government Services Information Assurance team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. The Lead Engineer in Systems Engineering is responsible for administering and integrating security infrastructure, including security event feeds, event processing, and asset intelligence tools. The Lead Information Security Engineer works with the developers and system owners to ensure the systems comply with Federal Information Security Management Act (FISMA), NIST, DOD, and Intelligence Community requirements, as applicable. This is done by employing well-defined security policy models; structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques; and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).
The successful candidate will have excellent communication skills and experience in presenting technical issues to a wide variety of audiences. In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer-facing services. The individual will coordinate activities across multiple departments and business units. This candidate must be able to work independently and as a team leader to develop and execute strategies.
Perform as the ISSO (Information Systems Security Officer) for Federal systems.
Lead security authorization processes and procedures. Recommend security best practices and system configuration standards.
Write System Security Plans, POA&Ms (Plans of Action and Milestones), Risk Assessments, PIAs (Privacy Impact Analyses), and supporting documentation for systems subject to NIST SP 800-53.
Achieve and maintain ATO (Authority To Operate), as required.
Develop, implement, and evaluate security CONOPS (Concept of Operations), System Security Plans and/or System Security Authorization Agreements to satisfy Certification and Accreditation requirements in accordance with NIST 800-53, FISMA, FedRAMP, Risk Management Framework (RMF) and other government guidelines, as required.
Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
Manages Information Security Audits by federal departments/agencies, including third party auditors.
Assesses emerging network system and enterprise-level risks and vulnerabilities. Advises leadership on cyber security risk management, security strategy, security project planning, and security architecture.
Negotiates Information Security-related contracts and contract language with business partners and customers. Responds to RFPs (Requests For Proposals) and RFIs (Requests For Information) from government entities.
Experience with Nessus, dbProtect and AppScan or similar security tools. Perform scans, review the results, and write necessary reports and plans.
Conduct periodic reviews to ensure compliance with established policies and procedures, ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures.
Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures.
Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents.
Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements.
Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies.
Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches.
Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.
Undergraduate degree in Computer Science Engineering, Management Information Systems, related field, or equivalent experience.
8 years of relevant experience with Certification and Accreditation (C&A) or Assessment and Authorization (A&A).
Excellent understanding of common computing platforms, including Windows Server, Red Hat Linux Server, and vendor-specific appliance support.
Considered expert in one (or more) of the following areas: Networking, Operating System (MS/Unix/Linux), Database, or programming skills.
Strong work ethic, demonstrated self-starter, ability to work in a fast-paced, team-oriented environment with excellent verbal and written communication skills. Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), CISSP/MCSE/MCSA/CCNA/A+/Network+ Certifications.
8+ years of dedicated system administration, virtualization, configuration, and support work experience.
eMASS / RMF training and experience.
Current Public Trust Adjudication.
Experience with large enterprise data centers and/or networks.
Bachelor's or Equivalent in Computer Science or Other Technology
Alternate Location: US-Virginia-Herndon
Requisition #: 161931
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.