Lumen is guided by our belief that humanity is at its best when
technology advances the way we live and work. With 450,000 route
fiber miles serving customers in more than 60 countries, we deliver
the fastest, most secure global platform for applications and data
to help businesses, government and communities deliver amazing
experiences. Learn more about Lumen’s network, edge cloud, security
and communication and collaboration solutions and our purpose to
further human progress through technology at news.lumen.com,
LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook:
/lumentechnologies, Instagram: @lumentechnologies and YouTube:
The Lead Information Security Engineer is a member of the
Enterprise Security team that is responsible for delivering
security requirements and coordinating information security risk
assessments to ensure compliance with corporate policy, standards,
procedures, and industry best practices. The engineer will
engage with both internal and external parties to understand
emerging threats and implement security controls within the
environment to protect Lumen information and network
The ideal candidate will lead or support assessments of new
products and features that Lumen delivers to its customers,
while also formulating and implementing a method for continuous
monitoring of application security as it related to the product
line and its impact to the product’s security posture.
The Main Responsibilities
• Define or support software security design
standards - building in security best practices at the beginning of
the software development life cycle
• Partner with our development teams (and
business stakeholders) to set the course for secure development
practices for existing and future products and features
• Perform security design reviews and regular
security assessments (analyze, assess, and remediate) to ensure
systems supporting our product lines meet the established software
• Lead or support engineering for preventative
solutions to solve application security issues at their root
• Develop or support threat modeling (threat
type, impact, risk rating, counter-measures, residual risks, and
gap analysis) for in-scope products
• Lead or support security and privacy/data
initiatives and ensure end-state product meets regulatory
• Interact directly with the security
community regarding vulnerabilities and threats, with focus on
areas that may directly impact Lumen's product lines
• Promote security awareness, including
recommended solutions and staying current on new threats,
vulnerabilities and best practices
• Provide web and cloud security guidelines
and solutions to Development teams on authentication,
authorization, session management, data protection (encryption)/key
• Experience with threat modeling, security
design reviews, and security architecture
• Software development experience is a
• Experience with CI/CD pipelines and Agile
• Experience with Cloud security architecture
and deployment models
• Experience with securing highly sensitive
data and maintaining its security as a top priority
• Experience with LDAP, SSO, SAML, Active
Directory, MFA, etc.
• Demonstrate knowledge of security
technologies, trends, leading practices, and regulatory
requirements and government security standards such as FedRAMP and
Controlled Unclassified Information (CUI) standards, along with
best practices such as NIST Cybersecurity Framework (CSF), ISO
27001-27002, ISO 22301, PCI, SOC 1 & SOC 2 and other applicable
security and privacy laws.
What We Look For in a Candidate
Experience in the administration, design and implementation of
security controls including experience in applying methodologies
and principles for all levels of security.
Excellent oral and written communication skills, collaboration
skills, and experience in presenting technical issues to all levels
of management, as well as non-technical staff.
Must possess current applicable professional/technical
certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or
Experience with technologies, tools and process controls to
minimize risk and data exposure.
Understanding of common computing attack vectors; information,
host and network security hardening and requirements; networking
protocols; common intrusion techniques; and common risk management
Understanding of Microservices software development and Secure
Understanding of virtualization technologies and virtualization
Broad technical knowledge of current and emerging technologies
used both within the corporate infrastructure and in delivering
customer facing services.
Knowledge of information security industry and regulatory
obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA,
FedRAMP. HIPAA, NACHA, SSAE-16 and GDPR).
Application development and/or source code review experience in
C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java.
Knowledge of project management practices.
Experience in large Enterprise data centers and/or networks.
What to Expect Next
Requisition #: 228454
We are committed to providing equal employment opportunities to
all persons regardless of race, color, ancestry, citizenship,
national origin, religion, veteran status, disability, genetic
characteristic or information, age, gender, sexual orientation,
gender identity, marital status, family status, pregnancy, or other
legally protected status (collectively, “protected statuses”).
We do not tolerate unlawful discrimination in any employment
decisions, including recruiting, hiring, compensation, promotion,
benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to
indicate the general nature and level of work performed by
employees within this classification. It is not designed to contain
or be interpreted as a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees assigned
to this job. Job duties and responsibilities are subject to
change based on changing business needs and conditions.