at Lumen in Little Rock, Arkansas, United States
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen’s network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.
Lead Information Security Engineer – Vulnerability Management
Lumen’s Vulnerability Management Lead Engineer will provide guidance, training, and mentoring to members of the Vulnerability Management team as well as perform a leadership role to improve Lumen’s overall security through vulnerability assessment techniques.
The Main Responsibilities
Duties and Responsibilities (Essential Functions):
• Vulnerability Identification: Identify vulnerabilities on Lumen systems through vulnerability scanning on Lumen infrastructures, products, and services encompassing network elements, operating systems, databases, and applications across the corporate enterprise. Broad knowledge of vulnerabilities, and a desire to lead and increase technical skills.
• Vulnerability Response Oversight: Oversee the response to Critical and High severity vulnerabilities that impact Lumen’s systems by analyzing vulnerabilities, identifying systems impacted, engaging with the system owners, prioritizing remediation, ensuring remediation plans are established, and validating remediation efforts.
• Vulnerability Management for Compliance: Conduct routine vulnerability scanning, and network segmentation testing on Lumen systems as required for compliance of Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), and other industry compliance standards as necessary.
• Security Alert Notification: Provide capability to aggregate and distribute newly disclosed vulnerabilities of vendor products used within Lumen as alerts to system owners for proactive remediation efforts.
• Strategic Security Initiatives: Identify, propose, and realize strategic security initiatives to improve capabilities through automation development, processes enhancements, and infrastructure expansion.
• Risk Analysis and Metrics: Provide system health indicators and vulnerability metrics for leadership to utilize in making informed business risk decisions that impact the security of Lumen and its customers.
What We Look For in a Candidate
Principal Duties and Responsibilities (Essential Functions)
• Serve as a Lead Vulnerability Management Engineer for Corporate Security to ensure prioritization of team responsibilities with an emphasis on mitigating risks to Lumen.
• Ensure availability of vulnerability management systems to support team functions for evolving compliance requirements, expanding functional scope, and customer expectations.
• Provide appropriate Key Risk Indicators/Key Performance Indicators and metrics associated with vulnerabilities for executive leadership to make informed risk mitigation decisions.
• Identify, propose, and realize security initiatives associated with team functions; resolve issues that impact the initiatives; and provide initiative status updates.
• Develop, facilitate, and maintain the Information Security Policy, Methods & Procedures, Standards, and Processes associated with team functions and responsibilities.
• Mentor engineers regarding vulnerability management and vulnerability assessments.
• Instill a security culture companywide through vulnerability awareness and a remediation mindset.
Qualifications & Skills
• Undergraduate degree in Information Security, Computer Science, Engineering, or related field, or equivalent experience and/or 10 + years’ work experience relevant to information security.
• Experience in working within a vulnerability management program.
• Extensive experience in vulnerability scanning and vulnerability assessments.
• Broad knowledge of current and emerging cybersecurity threats, vulnerabilities, technologies, and intrusion techniques.
• Strong understanding of the OWASP Top 10 most critical web application security risks, MITRE Att&ck Framework, and NIST Vulnerability Database.
• Experience with technologies, tools, and process controls to minimize security risk and data exposure.
• Excellent oral and written communication skills and experience in presenting technical issues to all levels of management, including senior executive management as well as non-technical staff.
• Experience in application development utilizing Python or UNIX Shell.
• Applicable professional certification encompassing multiple foundational security domains, such as CISSP, GSEC, GCED, or Security+.
• Degree in Information Security, Computer Science, Engineering, or related field.
• 8+ years’ work experience relevant to information security.
• Specialized professional certification in general information security or vulnerability assessments.
• Experience utilizing vulnerability assessment tools such as Nmap, Nessus, and Wireshark.
• Experience with information security controls and network security architectures.
• Solid understanding of UNIX derivative operating systems and various Windows operating systems.
• Expert in utilizing Python or UNIX Shell.
• Knowledge of project management practices.
What to Expect Next
Requisition #: 262354
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
Salary Min :
Salary Max :
This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.
This position is eligible for either short-term incentives or sales compensation. Director and VP positions also are eligible for long-term incentive. To learn more about our bonus structure, you can view additional information here. (https://jobs.lumen.com/global/en/compensation-information) We’re able to answer any additional questions you may have as you move through the selection process.
As part of our comprehensive benefits package, Lumen offers a broad range of Health, Life, Voluntary Lifestyle and other benefits and perks that enhance your physical, mental, emotional and financialTo view full details and how to apply, please login or create a Job Seeker account