Lead Information Security Engineer - Penetration Tester with Security Clearance
Posted on: November 10, 2019

About CenturyLink
CenturyLink (NYSE: CTL) is the second largest
U.S. communications provider to global enterprise customers. With
customers in more than 60 countries and an intense focus on the
customer experience, CenturyLink strives to be the world's best
networking company by solving customers' increased demand for
reliable and secure connections. The company also serves as its
customers' trusted partner, helping them manage increased network
and IT complexity and providing managed network and cyber security
solutions that help protect their business.

Job Summary
The Lead
Information Security Engineer on the Cybersecurity Vulnerability
Assessment Services (CVAS) team within Enterprise Security is
primarily responsible for identifying and ethically exploiting
vulnerabilities on internal CenturyLink servers, databases,
applications, and network elements across the corporate enterprise
to present the associated risk to the business. The engineer will
assist, as applicable, in performing Adversarial Cybersecurity Emulation
(ACE) exercises designed to emulate real-world attacks against
CenturyLink with designated objectives specified for each
engagement to determine the defensive capabilities protecting the
objectives. The intended result of ACE exercises is to identify
cybersecurity deficiencies and recommend methods to strengthen
areas of greatest risk. Additionally, the engineer is responsible
for assisting with identifying, designing, proposing, and realizing
strategic security initiatives to improve CenturyLink vulnerability
management, penetration testing, and remediation capabilities as
well as the overall security posture of CenturyLink. The engineer
must possess practical experience and technical knowledge of
cybersecurity threats, vulnerabilities, technologies, intrusion
techniques, and exploit methodologies. The engineer must possess
strong knowledge of Information Security and Information Technology
(IT) systems as well as a reasonable understanding of all
disciplines of networking, programming, application development and
system administration. The engineer must have strong oral and
written communication skills and experience in presenting to a
wide variety of audiences. The engineer is responsible for creating
vulnerability analysis, penetration testing, and ACE exercise
reports intended for risk awareness to the business and appropriate
executive management levels. The engineer must be able to work
independently as a strong leader, as well as collaboratively with
others, to foster consulting with internal partners on
cybersecurity topics and strategic security initiatives.

Job Description
* Represent Corporate Security as a Subject Matter
Expert (SME) of cybersecurity pertaining to threats,
vulnerabilities, intrusion techniques, and exploit
* Oversee the immediate response to Critical severity
vulnerabilities that impact CenturyLink systems by analyzing the
vulnerabilities, identifying systems impacted, and collaborating
with system owners in the business to determine the risk of
vulnerabilities, establish remediation priority, ensure remediation
plans, and validate remediation efforts.
* Coordinate and perform penetration testing on CenturyLink systems
as required for compliance of Payment Card Industry Data Security
Standard (PCI DSS), Federal Information Security Management Act
(FISMA), Health Insurance Portability and Accountability Act
(HIPAA), and other industry compliance standards as necessary.
* Identify vulnerabilities on CenturyLink systems through
penetration testing methods for CenturyLink infrastructures,
products, and services encompassing network elements, operating
systems, databases, and applications across the corporate
* Identify, design, propose, and realize strategic security
initiatives to improve CenturyLink vulnerability management,
penetration testing, and remediation capabilities through
automation development, process enhancements, and infrastructure
* Perform Adversarial Cybersecurity Emulation (ACE) exercises as
sanctioned attacks utilizing real malicious actor methods to
determine the defensive capabilities of CenturyLink and provide
security improvement recommendations.
* Collaborate with key stakeholders throughout the business to
improve systemic security risks identified through vulnerability
assessments, penetration testing, or ACE exercises.
* Enhance capability to aggregate and distribute newly disclosed
vulnerabilities for vendor products used within CenturyLink as
Security Alerts to system owners as relevant notifications for
proactive remediation efforts.
* Develop, facilitate, and maintain the Information Security
Policy, Methods & Procedures, Technical Standards, Technical Best
Practices, and general processes for vulnerability management,
penetration testing, application security, and ACE exercises.
* Assist with vulnerability scanning to support compliance
* Instill a security culture company-wide through vulnerability
awareness and remediation mindset.

Qualifications
* Undergraduate
degree in Information Security, Computer Science, Computer
Engineering, or related field, or equivalent experience.
* 4+ years' experience in domains relevant to information security;
or 2+ years with a Master's degree or Ph.D. and relevant work
* Applied experience performing penetration testing.
* Broad technical knowledge of current and emerging cybersecurity
threats, vulnerabilities, intrusion techniques, and exploit
* Awareness of OWASP Top 10, SANS Top 20 Critical Security
Controls, and NIST Vulnerability Database within penetration
* Experience utilizing multiple vulnerability assessment and
penetration testing tools such as Core Impact, Nessus, Burp Suite,
AppScan, Kali Linux, and Metasploit.
* Experience in application development utilizing C/C++, C#,
VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell,
Microsoft PowerShell, or other programming language.
* Reasonable understanding of common networking protocols.
* Applied experience and knowledge of UNIX derivative and Windows
* Strong oral and written communication skills to executive
management and technical audiences.
* Self-motivated individual who can drive goals independently and
collaborate in a team environment.
* Ability to perform mixed work hours and days to accommodate
penetration testing on production systems during scheduled
* Applicable professional certification encompassing multiple
foundational security domains must be in place, such as CISSP,
GSEC, GCED, or Security+.
* Applicable specialized professional certification in the domain
of vulnerability assessments or penetration testing must be in
place, such as CEH, GPEN, GWEB, OSCP, or superseded by an advanced
specialized professional certification as described in Preferred
Qualifications.

Preferred Qualifications:
* Master's degree in
Information Security, Computer Science, Computer Engineering,
related field, or equivalent experience.
* 2+ years of experience performing penetration testing full time
for medium to large enterprises.
* Applied experience leveraging OWASP Top 10, SANS Top 20 Critical
Security Controls, and NIST Vulnerability Database within
penetration testing engagements.
* Applied experience in performing adversarial exercises, also
known as Red Team exercises.
* Experience performing assessments on mobile devices and
* Certified or considered an expert in utilizing C/C++, C#, VB.NET,
ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft
PowerShell, or other programming language.
* Applied experience and knowledge of networking.
* Dedicated experience as a network/firewall engineer,
administrator, designer, implementer, or support technician with
technologies, tools, and process controls to minimize risk and data
* Knowledge of information security industry and regulatory
obligations (PCI, FISMA, HIPAA, ISO 27001/27002, NIST Framework)
pertaining to vulnerability management.
* Experience producing professional training material, presenting
at a professional security conference, or teaching a subject in a
formal class setting.
* Advanced specialized professional certifications in the domain of
vulnerability assessments or penetration testing, such as GWAPT,
GMOB, GXPN, OSCE, OSWE, and CEPT.
* Possesses a US Government security or suitability clearance.
Alternate Location: US-Arizona-Phoenix; US-Colorado-Broomfield;
US-Colorado-Littleton; US-Massachusetts-Framingham; US-Minnesota-St
Paul; US-Missouri-Saint Louis; US-Ohio-Dublin;
US-Virginia-Arlington; US-Virginia-Herndon; US-Washington-Bellevue
Requisition #: 215676
This job may require successful completion of
an online assessment. A brief description of the assessments can be
viewed on our website at http://find.centurylink.jobs/testguides/

EEO Statement
We are committed to providing equal employment
opportunities to all persons regardless of race, color, ancestry,
citizenship, national origin, religion, veteran status, disability,
genetic characteristic or information, age, gender, sexual
orientation, gender identity, marital status, family status,
pregnancy, or other legally protected status (collectively,
"protected statuses"). We do not tolerate unlawful discrimination
in any employment decisions, including recruiting, hiring,
compensation, promotion, benefits, discipline, termination, job
assignments or training.

Disclaimer
The above job definition
information has been designed to indicate the general nature and
level of work performed by employees within this classification. It
is not designed to contain or be interpreted as a comprehensive
inventory of all duties, responsibilities, and qualifications
required of employees assigned to this job. Job duties and
responsibilities are subject to change based on changing business
needs and conditions.