Lumen is guided by our belief that humanity is at its best when
technology advances the way we live and work. With 450,000 route
fiber miles serving customers in more than 60 countries, we deliver
the fastest, most secure global platform for applications and data
to help businesses, government and communities deliver amazing
experiences. Learn more about Lumen’s network, edge cloud, security
and communication and collaboration solutions and our purpose to
further human progress through technology at news.lumen.com,
LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook:
/lumentechnologies, Instagram: @lumentechnologies and YouTube:
The Main Responsibilities
Support and enhance Lumen's abilities to detect and respond to
security incidents including internal events, targeted attacks and
all other cyber incidents
Actively hunt the enterprise for insecure, suspicious or
Update and maintain response guides for accuracy.
Secondary back up to respond to, remediate and document
information security incidents not limited to dashboard (Advanced
Threat Appliance & SIEM) alerts, tickets, emails, or phone
Ensure Corporate Security owned infrastructure, event feeds,
event processing, and asset intelligence are available and
Support the business units within Lumen by assisting as a
liaison between Cyber Defense and other business units.
Discover, implement and automate of “Indicators of Compromise”
in order to detect intrusions, and significantly lower time to
Facilitate the coordinated response to an intrusion, minimize
the impact of the threat, return the integrity of Lumen assets and
network as quickly as possible.
Assist with significant incidents as needed or assigned.
Research and understand initial threat vectors and create
protection mechanisms to prevent threat recurrences.
Recommend security best practices and system configuration
Facilitate and lead incident response calls; provide
documentation and reports to senior management.
Analyze malware, network indicators, and call back channels, and
design and implement detection mechanisms.
Identify new technology to be reviewed by the Cyber Defense
Maintain incident documentation, participate in post-mortems,
and write incident reports.
Support Cyber Defense by managing projects that have high
visibility by management.
Identify and mitigate real-time attacks through the leveraging
of multiple sourced, correlated data such as host and network based
IDS/IPS data, forensic data, and antivirus. This could include
signature, flow, anomaly, and full packet capture analysis.
Maintain an expert knowledge of modern hacker tools,
methodology, and attack trends.
Perform an oncall shift rotation.
Demonstrate effective communication skills, both verbal and
What We Look For in a Candidate
Undergraduate degree in Computer Science Engineering, related
field, or equivalent experience.
5+ years of relevant work experience in incident response,
computer forensics security, risk assessments, application security
and network security.
Strong work ethic, demonstrated self starter, ability to work in
a fast paced, team oriented environment with excellent verbal and
written and communication skills.
Excellent understanding of common computing attack vectors.
Considered expert in one (or more) of the following areas:
Networking, Operating System (MS/Unix/Linux), database, or
Candidate must possess, or be willing to pursue, applicable
professional/technical certifications, such as Security +, C|EH,
OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
5+ years of dedicated incident response and computer forensics
Professional/technical certifications, such as Certified
Information Systems Security Professional (CISSP), GIAC Certified
Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA),
GIAC Reverse Engineering Malware (GREM), Certified Ethical Hacker
(CEH), Offensive Security Certified Professional (OSCP) or
equivalent certifications in these areas.
Development experience in scripting languages such as Python or
Hands on experience using commercial Security Incident and Event
Management (SIEM), “Next-generation” firewalls, web-content
filtering systems, and/or Intrusion Prevention Systems.
Experience in writing custom snort IDS/IPS signatures.
Experience with large enterprise data centers and/or
Requisition #: 232091
We are committed to providing equal employment opportunities to
all persons regardless of race, color, ancestry, citizenship,
national origin, religion, veteran status, disability, genetic
characteristic or information, age, gender, sexual orientation,
gender identity, marital status, family status, pregnancy, or other
legally protected status (collectively, “protected statuses”).
We do not tolerate unlawful discrimination in any employment
decisions, including recruiting, hiring, compensation, promotion,
benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to
indicate the general nature and level of work performed by
employees within this classification. It is not designed to contain
or be interpreted as a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees assigned
to this job. Job duties and responsibilities are subject to
change based on changing business needs and conditions.