Senior Security Engineer - Incident Response

Date: Jun 15, 2019

Location: BROOMFIELD, CO, US, 80021 TEMPE, AZ, US, 852810000 LITTLETON, CO, US, 801280000 NEW CENTURY, KS, US, 66031-8000

About CenturyLink

CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.


Job Summary

The Senior Information Security Engineer is a member of the Information Security Governance/IBRR team that is responsible for Global Data Protection and conducting International Business Risk Reviews (IBRR) to address security risks with new work moving to international locations, and to work with IT to assess applications and verify Clean Room controls. The engineer will follow established processes to conduct risk assessments on proposed international activities and facilitate meetings with the International Business Risk Review Council (IBRRC), if necessary.

Job Description

  • Respond to, remediate and document information security incidents not limited to SIEM Alerts, Tickets, Emails, or Phone Calls.
  • Review data that is processed within the SIEM to find and resolve suspicious events.
  • Verify incident source alert notifications are authentic and trusted.
  • Identify and resolve incidents that are not defined by (or deviates from) an existing incident response guide.
  • Assist with significant incidents as needed or assigned.
  • Provide feedback for development and consistency of automated threat detection mechanisms.
  • Create and maintain incident response guides.
  • Security projects dedicated to improving Corporate Security or CenturyLink's security posture.
  • Support and enhance CenturyLink's abilities to detect and respond to security incidents including internal events, targeted attacks and all other cyber incidents.
  • Ensure Corporate Security owned Infrastructure, Event Feeds, Event Processing, and Asset Intelligence are available and operating effectively.
  • Support the business units within CenturyLink by acting as liaison between them and Corporate Security.


  • Automate detections of “Indicators of Compromise” provided by Corporate Security in order to detect intrusions, and significantly lower time to response.
  • Facilitate the coordinated response to the intrusion, to minimize the impact of the threat returning the integrity of CenturyLink assets and network as quickly as possible.
  • Understand the initial threat vector, and the creation of protection mechanisms to prevent threats from occurring in the future.
  • Recommend security best practices and system configuration standards.
  • Facilitate and lead incident response calls and provide documentation to senior management.
  • Perform an on-call shift rotation.
  • Ensure communication continuity between all shifts


  • Undergraduate degree in computer science, engineering, or related field, or equivalent experience.
  • 5+ years of relevant system administration, virtualization, configuration, and support work experience.
  • Excellent understanding of common computing platforms.  Including Windows Server, RedHat Linux Server, and vendor specific appliance support.
  • Understanding and ability to utilize programming skills
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as CISSP, CEH, GCIH, GPEN, GWAPT, GISEC, CISM or CISA.
  • Considered expert in one (or more) of the following areas:  Networking, Operating System (MS/Unix/Linux), Database, or directory such as Active Directory and LDAP.
  • Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team oriented environment with excellent verbal and written communication skills.


Preferred Qualifications:

  • 5+ years of dedicated system administration, virtualization, configuration, and support work experience.
  • Proficient with regular expressions, PERL, and/or XML constructs.
  • Hands on experience of the following tools: SIEM, IDS / IPS, host based Anti-Virus, or similar products.
  • Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), Security+, Microsoft Certified IT Professional, Linux Professional Institute Certifications, or equivalent System Administration related certifications. (OSCP, GCIH, other SANS security certs)
  • Experience reverse engineering malware and malware analysis.
  • Experience with large enterprise data centers and/or networks.

Alternate Location: US-Arizona-Tempe; US-Colorado-Broomfield; US-Colorado-Littleton; US-Kansas-New Century

Requisition #: 212828

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at 

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).  We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.

Nearest Major Market: Denver

Job Segment: Corporate Security, Engineer, Developer, Information Systems, Security, Engineering, Technology

Share this Job