Lead Information Security Engineer

CenturyLink Herndon, VA 20171

Posted 2 months ago

CenturyLink (NYSE: CTL) at http://www.centurylink.com is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at http://www.centurylink.com/ for more information.

Job Summary

The Lead Information Security Engineer is a member of the Government Services Information Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate and/or government policy, standards, procedures and industry best practices. The Lead works with developers, engineers, administrators and system owners to ensure the systems comply with applicable government policies (FEDRAMP, ICD, CNSSI, NIST, DOD, etc.). This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).

Job Description

  • Perform as the ISSO (Information Systems Security Officer) for Federal systems. Develop, implement, review and evaluate System Security Plans, Interconnection Security Agreements, Risk Assessments, Plan of Actions and Milestones (POAM), System Requirements Traceability Matrix (SRTM), Security Assessment Reports, Contingency Plans as well as other required documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures.

  • Achieve and maintain ATO (Authority To Operate), as required.

  • Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.

  • Manages Information Security Audits by federal departments/agencies, including third party auditors.

  • Experience with security tools (Nessus, HBSS, ACAS, dbProtect, AppScan or similar). Perform scans, review the results, and write necessary reports and plans.

  • Conduct periodic reviews to ensure compliance with established policies and procedures, ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures

  • Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures

  • Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents

  • Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements

  • Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies

  • Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches

  • Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.


Minimum Qualifications:

  • 8+ years of relevant experience with C&A / A&A.

  • Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience.

  • Applicable professional/technical certifications, such as CISSP, CISM or GSLC, should be in place, or candidate must be willing to pursue them.

  • Hands-on experience using and/or processing reports from vulnerability and security assessment tools (NESSUS, HBSS, ACAS, etc.).

  • Must possess broad technical knowledge to understand and verify proper security implementation.

  • Excellent oral and written communication skills and experience in presenting security issues to all levels of management, as well as non-technical staff.

  • Self-starter with strong self-management skills, with an ability to organize and manage multiple priorities.

  • Ability to apply professional judgment in critical thinking and problem solving.

  • Team oriented

Preferred Qualifications:

  • Knowledge of information assurance security policies and procedures (ICD 503, CNSSI 1253, RMF, NIST 800.53 rev3/4, FEDRAMP, DISA SRG).

  • Active TS or TS/SCI with current SSBI Security Clearance is required for most positions and a Polygraph may also be required.

Alternate Location: US-Virginia-Herndon

Requisition #: 206359

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.

