LEAD INFORMATION SECURITY ENGINEER - Cybersecurity Vulnerability Asses Information Technology (IT) - Denver, CO at Geebo

LEAD INFORMATION SECURITY ENGINEER - Cybersecurity Vulnerability Asses

CenturyLink (NYSE: CTL) is a global communications, hosting, cloud and IT services company enabling millions of customers to transform their businesses and their lives through innovative technology solutions.
CenturyLink offers network and data systems management, Big Data analytics and IT consulting, and operates more than 55 data centers in North America, Europe and Asia.
The company provides broadband, voice, video, data and managed services over a robust 250,000-route-mile U.S. fiber network and a 300,000-route-mile international transport network.

Cyber Defense - Cybersecurity Vulnerability Assessment Services (CVAS)

Lead Information Security Engineer

Position Summary:
CenturyLink Corporate Security has an immediate need for a Lead Information Security Engineer on the Cybersecurity Vulnerability Assessment Services (CVAS) team.
As part of this team, the successful candidate will be responsible for identifying and ethically exploiting vulnerabilities on internal CenturyLink servers, databases, applications, and network elements enterprise wide in order to present the associated risk to the business.
The successful candidate will have broad technical knowledge of current and emerging cyber threats, vulnerabilities, technologies, intrusion techniques, and exploit methodologies used both within corporate infrastructures as well as internet-facing services.

The successful candidate will have excellent communications skills and experience in presenting technical issues to a wide variety of audiences.
The individual will be responsible for creating penetration testing results reports, industry-wide vulnerability analysis reports, and similar vulnerability assessment documentation intended for risk awareness to business units and multiple levels of management.
This candidate must be able to work both independently and as a leader to realize strategic security initiatives and to improve the capabilities of the team.

Responsibilities:

  • Oversee the response to critical industry-wide vulnerabilities which impact CenturyLink systems by analyzing the vulnerability, engaging the system owners in the business, identifying systems impacted, prioritizing remediation, and ensuring remediation plans are established.
  • Provide routine penetration testing on CenturyLink systems as required for compliance with Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), and other industry compliance standards as necessary.
  • Assist with operating system, web application, database, and network vulnerability scanning as needed to support industry compliance obligations.
  • Realize strategic security initiatives to improve the team capabilities through automation development, process enhancements, and infrastructure expansion.
  • Perform vulnerability assessment and penetration testing engagements for CenturyLink corporate infrastructures and new products/services encompassing network elements, operating systems, databases, and applications.
  • Represent the Cyber Defense team within Corporate Security as a Subject Matter Expert (SME) regarding current and emerging cyber threats, vulnerabilities, technologies, intrusion techniques, and exploit methodologies.
  • Collaborate with CenturyLink business units to define engagement parameters for penetration testing and vulnerability assessments.
  • Create penetration testing results reports, industry-wide vulnerability analysis reports, and similar vulnerability assessment documentation intended for risk awareness to business units and multiple levels of management.

Minimum Qualifications:

  • Undergraduate degree in Computer Science, Engineering, related field, or equivalent experience.
  • 3 years dedicated experience performing cybersecurity functions.
  • Experience performing penetration testing full time for medium to large enterprises.
  • Candidate must possess one or more foundational professional security certifications such as CISSP, GSEC, GCED, or Security+.
  • Candidate must possess one or more professional certifications in the domain of vulnerability assessments or penetration testing such as CEH, GPEN, GWEB or OSCP.
  • Broad technical knowledge regarding current and emerging cyber threats, vulnerabilities, technologies, intrusion techniques, and exploit methodologies.
  • Experience leveraging OWASP Top 10, SANS Top 20 Critical Security Controls, and NIST Vulnerability Database within penetration testing engagements.
  • Experience utilizing multiple vulnerability assessment and penetration testing tools such as Core Impact, Nessus, Burp Suite, AppScan, Kali Linux, and Metasploit.
  • Development experience in utilizing C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
  • Firm grasp of common networking protocols.
  • Solid understanding and experience of UNIX derivative operating system distributions as well as various Windows operating systems.
  • Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
  • Flexible and able to adapt to a rapidly changing environment.
  • Desire to continually expand technical and personal skills.
  • Self-motivated individual who can drive goals independently to reach completion as well as collaborate in a team environment.
  • Ability to perform mixed work hours and days to accommodate penetration testing on production systems during scheduled maintenance windows.

Preferred Qualifications:

  • Master's degree in Computer Science, Engineering, related field, or equivalent experience.
  • 2 years of experience performing penetration testing full time in a large enterprise environment encompassing network elements/protocols, operating systems, databases, and applications.
  • Possess one or more advanced professional certifications in the domain of vulnerability assessments or penetration testing such as GXPN, GWAPT, OSCE, or OSWE.
  • Experience performing assessments on mobile devices and applications.
  • Certified or considered an expert in utilizing C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
  • Dedicated experience as a network/firewall engineer, administrator, designer, implementer, or support technician.
  • Produced professional training material, presented at a professional security conference, or taught a subject in a formal class setting.
  • Possesses a US Government Secret (or higher) security clearance.


Alternate Location: US-Colorado-Denver; US-Kansas-New Century; US-Louisiana-Monroe

Requisition #: 128422

This job may require successful completion of an online assessment.
A brief description of the assessments can be viewed on our website at

EEO Statement

No Discrimination.
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, marital status, family status, pregnancy, or other legally protected status (collectively, protected statuses).
We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
Any offer of employment is contingent upon the results of a pre-employment drug test and background check.

Disclaimer

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification.
It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Job duties and responsibilities are subject to change based on changing business needs and conditions.

Estimated Salary: $20 to $28 per hour based on qualifications.
