SR INFORMATION SECURITY ENGINEER - FED

Apply now »

Date: Sep 29, 2017

Location: Herndon, NC, US, 20171

CenturyLink (NYSE: CTL) is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink for more information.

 

We are in the process of selecting candidates to fill open positions in the combined company following CenturyLink’s acquisition of Level 3 Communications.  All qualified candidates who express interest by submitting an application to an open posting will be considered.  We welcome, and encourage, all application submissions while we continue our integration process.  But based on business needs, preference may be given to internal applicants from CenturyLink and Level 3.  As with all roles in the combined company, filling these roles is contingent upon the merger close.

Job Summary

The Senior Information Security Engineer is a member of the Government Services Information Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate and/or government policy, standards, procedures and industry best practices.  The Senior works with developers, engineers, administrator and system owners to ensure the systems comply with applicable government policies (FEDRAMP, ICD, CNSSI, NIST, DOD, etc). This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).

Job Description

  • Perform as the ISSO (Information Systems Security Officer) for Federal systems.
  • Develop, implement, review and evaluate System Security Plans, Interconnection Security Agreements, Risk Assessments, Plan of Actions and Milestones (POAM), System Requirements Traceability Matrix (SRTM), Security Assessment Reports, Contingency Plans as well as other required documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures.
  • Achieve and maintain ATO (Authority To Operate), as required.
  • Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
  • Manages Information Security Audits by federal departments/agencies, including third party auditors.
  • Experience with security tools (Nessus, HBSS, ACAS, dbProtect, AppScan or similar). Perform scans, review the results, and write necessary reports and plans.
  • Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures
  • Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures
  • Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents
  • Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements
  • Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
  • Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches
  • Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.
  • Coordinate activities across multiple departments and business units.
  • Other duties as assigned.

#LI-POST1

Qualifications

  • 5+ years of relevant experience with Certification and Accreditation (C&A) or Assessment and Authorization (A&A).
  • Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience.
  • Applicable professional/technical certifications should be in place, or candidate must be willing to pursue such as Security+, CAP, CASP, CISSP, CISM or GSLC.
  • Hands on experience using and/or processing reports from vulnerability and security assessment tools (NESSUS, HBSS, ACAS, etc.).
  • Must possess broad technical knowledge to understand and verify proper security implementation.
  • Excellent oral and written communication skills and experience in presenting security issues to all levels of management, as well as non-technical staff.
  • Self-starter with strong self-management skills, with an ability to organize and manage multiple priorities.
  • Ability to apply professional judgment in critical thinking and problem solving.
  • Team oriented

Preferred Qualifications

  • Knowledge of information assurance security policies and procedures (ICD 503, CNSSI 1253, RMF, NIST 800.53 rev3/4, FEDRAMP, DISA SRG).
  • Active TS or TS/SCI with current SSBI Security Clearance is required for most positions and a Polygraph may also be Required.

Education

Bachelors or Equivalent in Computer Science or Other Technology

Alternate Location: US-Virginia-Herndon

Requisition #: 157420

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/ 

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).  We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.


Nearest Major Market: Washington DC

Job Segment: Engineer, Corporate Security, Information Security, Computer Forensics, Engineering, Security, Technology


Apply now »

Share this Job