Sr Information Security Engineer - Vulnerability Management with Security Clearance
Posted on: August 15, 2019
CenturyLink (NYSE: CTL) is a global communications and IT services
company focused on connecting its customers to the power of the
digital world. CenturyLink offers network and data systems
management, big data analytics, managed security services, hosting,
cloud, and IT consulting services. The company provides broadband,
voice, video, advanced data and managed network services over a
robust 265,000-route-mile U.S. fiber network and a
360,000-route-mile international transport network. Visit
CenturyLink for more information. Job Summary The Senior
Information Security Engineer on the Cybersecurity Vulnerability
Assessment Services (CVAS) team within Enterprise Security is
primarily responsible for identifying, establishing, enhancing, and
performing operational functions of vulnerability management.
Operational functions include establishing and maintaining scanning
capabilities, identifying vulnerabilities through scanning
capabilities, and providing remediation oversight of
vulnerabilities on CenturyLink servers, databases, applications,
network elements, and other systems across the corporate
enterprise. The engineer is responsible to assist with realizing
strategic security initiatives to improve the team capabilities
associated with vulnerability management and vulnerability scanning
methodology. The engineer will conduct penetration testing on a
limited basis to assist the CVAS team penetration testers and to
advance penetration testing skills. The engineer must possess
general knowledge of cybersecurity threats, vulnerabilities, and
technologies. The engineer must possess broad knowledge of
Information Security and Information Technology (IT) systems as
well as a reasonable understanding in all disciplines of
networking, programming, application development and system
administration. The engineer must have effective oral and written
communication skills to provide remediation oversight of
vulnerabilities, document team procedures and processes, and assist
with documents intended for executive review and approvals. The
engineer must be able to work independently, as well as
collaboratively with others, to foster consulting with internal
partners Job Description * Represent Corporate Security as a
Subject Matter Expert (SME) regarding CenturyLink vulnerability
scanning capabilities and methodologies.
* Oversee the response to High severity vulnerabilities that impact
CenturyLink systems by analyzing the vulnerabilities, identifying
systems impacted, and collaborating with system owners to
communicate the risk of vulnerabilities, establish remediation
priority, and validate remediation efforts.
* Coordinate and lead routine vulnerability scanning and
remediation oversight on CenturyLink systems as required for
compliance of Payment Card Industry Data Security Standard (PCI
DSS), Federal Information Security Management Act (FISMA), Health
Insurance Portability and Accountability Act (HIPAA), and other
industry compliance standards as necessary.
* Identify vulnerabilities on CenturyLink systems through
vulnerability scanning for CenturyLink infrastructures, products,
and services encompassing network elements, operating systems,
databases, and applications across the corporate enterprise.
* Contribute to realize strategic security initiatives to improve
vulnerability management and vulnerability scanning capabilities
through automation development, processes enhancements, and
* Create reports and generate vulnerability metrics for executive
management levels to utilize in making informed business decisions
that impact the security of CenturyLink and its customers.
* Perform operational support of vulnerability management systems
and applications that the CVAS team is responsible to maintain and
define documented procedures and processes.
* Conduct penetration testing on a limited basis to assist the CVAS
team penetration testers.
* Identify deficiencies within vulnerability management and
vulnerability scanning tools, procedures, and processes and provide
recommendations for improvement.
* Contribute to develop, facilitate, and maintain the Information
Security Policy, Methods & Procedures, Technical Standards,
Technical Best Practices, and general processes for vulnerability
* Instill a security culture company-wide through vulnerability
awareness and remediation mindset. Qualifications * Undergraduate
degree in Information Security, Computer Science, Computer
Engineering, or related field, or equivalent experience.
* 2+ years' experience in Information Security; or 1+ years with a
Master's degree and relevant work experience.
* Applied experience performing vulnerability scanning and
vulnerability management functions for medium to large
* Experience utilizing multiple vulnerability scanning tools and
* Knowledge of current and emerging cybersecurity threats,
vulnerabilities, and technologies.
* Awareness of NIST Vulnerability Database pertaining to
vulnerability severity ratings.
* Basic knowledge of programing languages such as C/C++, C#,
VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell,
Microsoft PowerShell, or other programming language.
* General understanding of common networking protocols.
* General understanding and experience of UNIX derivative operating
system distributions as well as various Windows operating
* Effective oral and written communication skills and comfort with
presenting technical issues to all levels of management, as well as
* Applicable professional certification encompassing multiple
foundational security domains must be in place, such as CISSP,
GSEC, GCED, or Security+. Preferred Qualifications: * Master's
degree in Computer Science, Engineering, related field, or
* 2+ years of experience performing vulnerability scanning full
time in a large enterprise environment encompassing network
elements/protocols, operating systems, databases, and applications
including systems in scope for a compliance standard.
* Applied experience performing penetration testing.
* Applied experience with OWASP Top 10, SANS Top 20, and NIST
* Applied experience in application development utilizing C/C++,
C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell,
Microsoft PowerShell, or other programming language.
* Experience as a network/firewall engineer, administrator,
designer, implementer, or support technician with technologies,
tools, and process controls to minimize risk and data exposure.
* Awareness of information security industry and regulatory
obligations (PCI, FISMA, HIPAA, ISO 27001/27002, NIST Framework)
pertaining to vulnerability management.
* Applicable specialized professional certification in the domain
of vulnerability assessments or penetration testing, such as CEH,
GPEN, GWEB, or OSCP.
* Possesses a US Government Secret (or higher) security clearances.
Alternate Location: US-Colorado-Broomfield; US-Colorado-Denver;
US-Colorado-Littleton; US-Kansas-Gardner; US-Kansas-New Century;
US-Louisiana-Monroe Requisition #: 212352 This job may require
successful completion of an online assessment. A brief description
of the assessments can be viewed on our website at
http://find.centurylink.jobs/testguides/ EEOStatement We are
committed to providing equal employment opportunities to all
persons regardless of race, color, ancestry, citizenship, national
origin, religion, veteran status, disability, genetic
characteristic or information, age, gender, sexual orientation,
gender identity, marital status, family status, pregnancy, or other
legally protected status (collectively, "protected statuses"). We
do not tolerate unlawful discrimination in any employment
decisions, including recruiting, hiring, compensation, promotion,
benefits, discipline, termination, job assignments or training.
Disclaimer The above job definition information has been designed
to indicate the general nature and level of work performed by
employees within this classification. It is not designed to contain
or be interpreted as a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees assigned
to this job. Job duties and responsibilities are subject to change
based on changing business needs and conditions.
Keywords: CenturyLink, Broomfield , Sr Information Security Engineer - Vulnerability Management with Security Clearance, Executive , Broomfield, Colorado
Didn't find what you're looking for? Search again!