CenturyLink (NYSE: CTL) at http://www.centurylink.com is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at http://www.centurylink.com/ for more information.
The Lead Information Security Engineer is a member of the Government Services Information Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate and/or government policy, standards, procedures and industry best practices. The Lead works with developers, engineers, administrator and system owners to ensure the systems comply with applicable government policies (FEDRAMP, ICD, CNSSI, NIST, DOD, etc). This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).
Perform as the ISSO (Information Systems Security Officer) for Federal systems.Develop, implement, review and evaluate System Security Plans, Interconnection Security Agreements, Risk Assessments, Plan of Actions and Milestones (POAM), System Requirements Traceability Matrix (SRTM), Security Assessment Reports, Contingency Plans as well as other required documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures.
Achieve and maintain ATO (Authority To Operate), as required.
Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
Manages Information Security Audits by federal departments/agencies, including third party auditors.
Experience with security tools (Nessus, HBSS, ACAS, dbProtect, AppScan or similar). Perform scans, review the results, and write necessary reports and plans.
Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures
Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures
Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents
Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements
Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches
Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.
8+ years of relevant experience with C&A / A&A.
Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience.
Applicable professional/technical certifications should be in place, or candidate must be willing to pursue such as CISSP, CISM or GSLC.
Hands on experience using and/or processing reports from vulnerability and security assessment tools (NESSUS, HBSS, ACAS, etc.).
Must possess broad technical knowledge to understand and verify proper security implementation.
Excellent oral and written communication skills and experience in presenting security issues to all levels of management, as well as non-technical staff.
Self-starter with strong self-management skills, with an ability to organize and manage multiple priorities.
Ability to apply professional judgment in critical thinking and problem solving.
Knowledge of information assurance security policies and procedures (ICD 503, CNSSI 1253, RMF, NIST 800.53 rev3/4, FEDRAMP, DISA SRG).
Active TS or TS/SCI with current SSBI Security Clearance is required for most positions and a Polygraph may also be Required .
Alternate Location: US-Virginia-Herndon
Requisition # : 206359
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.