BroomfieldRecruiter Since 2001
the smart solution for Broomfield jobs

Lead Information Security Engineer - Penetration Tester with Security Clearance

Company: CenturyLink
Location: Broomfield
Posted on: November 10, 2019

Job Description:

About CenturyLink CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world's best networking company by solving customers' increased demand for reliable and secure connections. The company also serves as its customers' trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business. Job Summary The Lead Information Security Engineer on the Cybersecurity Vulnerability Assessment Services (CVAS) team within Enterprise Security is primarily responsible for identifying and ethically exploiting vulnerabilities on internal CenturyLink servers, databases, applications, and network elements across the corporate enterprise to present the associated risk to the business. The engineer will assist as applicable to perform Adversarial Cybersecurity Emulation (ACE) exercises designed to emulate real world attacks against CenturyLink with designated objectives specified per each engagement to determine the defensive capabilities protecting the objectives. The intended result of ACE exercises is to identify cybersecurity deficiencies and recommend methods to strengthen areas of greatest risk. Additionally, the engineer is responsible to assist with identifying, designing, proposing, and realizing strategic security initiatives to improve CenturyLink vulnerability management, penetration testing, and remediation capabilities as well as the overall security posture of CenturyLink. The engineer must possess practical experience and technical knowledge of cybersecurity threats, vulnerabilities, technologies, intrusion techniques, and exploit methodologies. The engineer must possess strong knowledge of Information Security and Information Technology (IT) systems as well as a reasonable understanding in all disciplines of networking, programming, application development and system administration. The engineer must have strong oral and written communications skills and experience in presenting to a wide variety of audiences. The engineer is responsible for creating vulnerability analysis, penetration testing, and ACE exercise reports intended for risk awareness to the business and appropriate executive management levels. The engineer must be able to work independently as a strong leader, as well as collaboratively with others, to foster consulting with internal partners on cybersecurity topics and strategic security initiatives. Job Description * Represent Corporate Security as a Subject Matter Expert (SME) of cybersecurity pertaining to threats, vulnerabilities, intrusion techniques, and exploit methodologies.
* Oversee the immediate response to Critical severity vulnerabilities that impact CenturyLink systems by analyzing the vulnerabilities, identifying systems impacted, and collaborating with system owners in the business to determine the risk of vulnerabilities, establish remediation priority, ensure remediation plans, and validate remediation efforts.
* Coordinate and perform penetration testing on CenturyLink systems as required for compliance of Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), and other industry compliance standards as necessary.
* Identify vulnerabilities on CenturyLink systems through penetration testing methods for CenturyLink infrastructures, products, and services encompassing network elements, operating systems, databases, and applications across the corporate enterprise.
* Identify, design, propose, and realize strategic security initiatives to improve CenturyLink vulnerability management, penetration testing, and remediation capabilities through automation development, processes enhancements, and infrastructure expansion.
* Perform Adversarial Cybersecurity Emulation (ACE) exercises as sanctioned attacks utilizing real malicious actor methods to determine the defensive capabilities of CenturyLink and provide security improvement recommendations.
* Collaborate with key stakeholders throughout the business to improve systemic security risks identified through vulnerability assessments, penetration testing, or ACE exercises.
* Enhance capability to aggregate and distribute newly disclosed vulnerabilities for vendor products used within CenturyLink as Security Alerts to system owners as relevant notifications for proactive remediation efforts.
* Develop, facilitate, and maintain the Information Security Policy, Methods & Procedures, Technical Standards, Technical Best Practices, and general processes for vulnerability management, penetration testing, application security, and ACE exercises.
* Assist with vulnerability scanning to support compliance obligations.
* Instill a security culture company-wide through vulnerability awareness and remediation mindset. Qualifications * Undergraduate degree in Information Security, Computer Science, Computer Engineering, or related field, or equivalent experience.
* 4+ years' experience in domains relevant to information security; or 2+ years with a Master's degree or Ph.D. and relevant work experience.
* Applied experience performing penetration testing.
* Broad technical knowledge of current and emerging cybersecurity threats, vulnerabilities, intrusion techniques, and exploit methodologies.
* Awareness of OWASP Top 10, SANS Top 20 Critical Security Controls, and NIST Vulnerability Database within penetration testing engagements.
* Experience utilizing multiple vulnerability assessment and penetration testing tools such as Core Impact, Nessus, Burp Suite, AppScan, Kali Linux, and Metasploit.
* Experience in application development utilizing C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
* Reasonable understanding of common networking protocols.
* Applied experience and knowledge of UNIX derivative and Windows operating systems.
* Strong oral and written communication skills to executive management and technical audiences.
* Self-motivated individual who can drive goals independently and collaborate in a team environment.
* Ability to perform mixed work hours and days to accommodate penetration testing on production systems during scheduled maintenance windows.
* Applicable professional certification encompassing multiple foundational security domains must be in place, such as CISSP, GSEC, GCED, or Security+.
* Applicable specialized professional certification in the domain of vulnerability assessments or penetration testing must be in place, such as CEH, GPEN, GWEB, OSCP, or superseded by an advanced specialized professional certification as described in Preferred Qualifications. Preferred Qualifications: * Master's degree in Information Security, Computer Science, Computer Engineering, related field, or equivalent experience.
* 2+ years of experience performing penetration testing full time for medium to large enterprises.
* Applied experience leveraging OWASP Top 10, SANS Top 20 Critical Security Controls, and NIST Vulnerability Database within penetration testing engagements.
* Applied experience in performing adversarial exercises, also known as Red Team exercises.
* Experience performing assessments on mobile devices and applications.
* Certified or considered an expert in utilizing C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
* Applied experience and knowledge of networking.
* Dedicated experience as a network/firewall engineer, administrator, designer, implementer, or support technician with technologies, tools, and process controls to minimize risk and data exposure.
* Knowledge of information security industry and regulatory obligations (PCI, FISMA, HIPAA, ISO 27001/27002, NIST Framework) pertaining to vulnerability management.
* Experience producing professional training material, presenting at professional security conference, or teaching a subject in a formal class setting.
* Advanced specialized professional certifications in the domain of vulnerability assessments or penetration testing, such as GWAPT, GMOB, GXPN, OSCE, OSWE, and CEPT.
* Possesses a US Government security or suitability clearance. Alternate Location: US-Arizona-Phoenix; US-Colorado-Broomfield; US-Colorado-Littleton; US-Massachusetts-Framingham; US-Minnesota-St Paul; US-Missouri-Saint Louis; US-Ohio-Dublin; US-Virginia-Arlington; US-Virginia-Herndon; US-Washington-Bellevue Requisition #: 215676 This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/ EEOStatement We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. Disclaimer The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.

Keywords: CenturyLink, Broomfield , Lead Information Security Engineer - Penetration Tester with Security Clearance, Other , Broomfield, Colorado

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Other Other Jobs


Windows Administrators I* with Security Clearance
Description: BRIEF DESCRIPTION: Support client's classified aerospace's customer by providing desktop technical support to high-side team in SCIF environment. Hours: Full-time standard 40-hour week, on-site occasional (more...)
Company: Sev1Tech
Location: Broomfield
Posted on: 11/15/2019

Amazon Warehouse Associate
Description: Warehouse/Shopper Team Member Seasonal, Part-Time, Full-Time, Flexible Hours br br Shifts: br Overnight, Sunrise, Day, Evening, Weekend br br Location br Aurora and Englewood br Job opportunities (more...)
Company: Amazon Workforce Staffing
Location: Broomfield
Posted on: 11/15/2019

Telemetry RN Travel Job
Description: Travel RN Nursing JobsRegistered Nurses needed for:Ohio Travel Tele, PCU, CCU, Stepdown Nursing JobsHCEN has numerous request for RN CandidatesThe Travel Nurse Season is here and it shows--The Travel (more...)
Company: HealthCare Travelers (Nursing)
Location: Broomfield
Posted on: 11/15/2019


Preparador de Pedidos de Almac-n
Description: Miembro del equipo de almac--n a tiempo completo br br Turnos br Domingo a Mi--rcoles de 6:30 PM a 5 AM br br Ubicaci--n br Aurora, CO br br Salario br 15/hora - 20/hora br br (more...)
Company: Amazon
Location: Broomfield
Posted on: 11/15/2019

Patient Account Rep II
Description: YOU. br br br br You bring your body, mind, heart and spirit to your work as a Patient Account Representative II. br br br br Youre equally comfortable with customer service and technology. (more...)
Company: SCL Health
Location: Broomfield
Posted on: 11/15/2019

T--cnico de Almac--n - Broomfield
Description: Miembro del equipo de almac--n a tiempo completo br br Turnos br Domingo a Mi--rcoles de 6:30 PM a 5 AM br br Ubicaci--n br Aurora, CO br br Salario br 15/hora - 20/hora br br (more...)
Company: Amazon
Location: Broomfield
Posted on: 11/15/2019

Inventory Control Specialist
Description: Job: 613396Title: Inventory Control SpecialistContract: 6-12 monthsRate:Summary:The Inventory Control Specialist will be responsible for reviewing and developing insights from various data fields in the (more...)
Company: Ascent
Location: Broomfield
Posted on: 11/15/2019

Trabajador de Almacenamiento estacional
Description: Miembro del equipo de almac--n a tiempo completo br br Turnos br Domingo a Mi--rcoles de 6:30 PM a 5 AM br br Ubicaci--n br Aurora, CO br br Salario br 15/hora - 20/hora br br (more...)
Company: Amazon
Location: Broomfield
Posted on: 11/15/2019

Almac--n Operativo
Description: Miembro del equipo de almac--n a tiempo completo br br Turnos br Domingo a Mi--rcoles de 6:30 PM a 5 AM br br Ubicaci--n br Aurora, CO br br Salario br 15/hora - 20/hora br br (more...)
Company: Amazon
Location: Broomfield
Posted on: 11/15/2019

Retail Data Specialist - Corporate - Year Round
Description: Reach Your Peak at Vail Resorts. You're someone who pushes boundaries and challenges the status quo. You're brave, ambitious and passionate in everything you do. And we want you on our team. Pursue your (more...)
Company: Vail Resorts Management Company
Location: Broomfield
Posted on: 11/15/2019

Log In or Create An Account

Get the latest Colorado jobs by following @recnetCO on Twitter!

Broomfield RSS job feeds