Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumens network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.
The Lead Information Security Engineer is a member of the Industrial Security team supporting CenturyLink Government Services and is responsible for performing cybersecurity compliance actives in support of various government contracts. The Lead Information Security Engineer must execute all six phases of the Risk Management Framework (RMF) process in accordance with both FISMA and DoD policy. Responsibilities include developing RMF documentation (System Security Plan, Security Control Traceability Matrix, Plan of Action & Milestones, various Standard Operating Procedures, Continuous Monitoring Plan, etc), tracking/resolving vulnerabilities, performing continuous monitoring activities, developing security policies, and supporting all cybersecurity compliance related activities. The Lead Information Security Engineer works closely with CenturyLink program teams and government customers on a regular basis.
A successful candidate will have excellent communications skills and experience presenting technical and non-technical cybersecurity issues to a wide variety of audiences. The candidate must be able to work independently and as a team leader to develop and execute strategies. The candidate will must also possess and maintain a broad technical knowledge of current and emerging technologies use within corporate infrastructure and government customer infrastructure.
The Main Responsibilities
- Perform as an Information Systems Security Officer (ISSO) for government system
- Achieve and maintain ATO (Authority to Operate), as required.
- Write System Security Plans (SSP), Plan of Actions & Milestones (POA&M), Continuous Monitoring Plan, Risk Assessments, Privacy Impact Analyses (PIA), and supporting documentation for systems subject to NIST SP 800-53
- Lead Security Assessment and Authorization processes and procedures
- Manage cybersecurity audits by federal departments/agencies, including third party auditors
- Develop and complete continuous monitoring reports and briefings
- Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements
- Review vulnerability and compliance scan results (Nessus, Qualys, etc), work with team members to resolve vulnerabilities, and track ongoing vulnerability status and remediation
- Conduct periodic reviews to ensure compliance with established policies and procedures
- Investigate and document cybersecurity incidents, as well as provide protective and corrective measures in response to such incidents
- Report all cybersecurity incidents to the program Information Systems Security Managers (ISSM) through reports and briefings
- Participate in the change management process to ensure changes to software, hardware, and firmware do not adversely impact the security of an environment
- Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
- Coordinate and participate in business development opportunities related to cybersecurity compliance to include evaluating Requests for Information (RFI) and Requests for Proposal (RFP) from government customers and documenting cybersecurity responses
- Recommend security best practices and system configuration standards
What We Look For in a Candidate
- 8+ years or experience performing cybersecurity, certification & accreditation (C&A), or assessment & authorization (A&A) related activities
- Excellent oral and written communication skills, collaboration skills, and experience in presenting cybersecurity issues to all levels of management, as well as non-technical staff
- Strong work ethic, demonstrated self-starter with the ability to work in a fast paced, team-oriented environment
- Uses strong interpersonal skills to build partnerships with stakeholders and peers
- TS/SCI clearance required
- Education: Bachelors or equivalent
- Professional cybersecurity certification (CISSP, CISM, GSLC, CCISO)
Requisition #: 225804
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, protected statuses). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
Apply on company website