at Lumen in Little Rock, Arkansas, United States
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen’s network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.
The Senior Lead Information Security Engineer is a member of the Enterprise Security Architecture and Engineering team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures, and industry best practices. The ideal candidate will lead or support assessments of new products and features that Lumen delivers to its customers, while also engineering and implementing a method for continuous security monitoring of enterprise and product controls.
+ Experience with threat modeling, security design reviews, and security architecture
+ Software development lifecycle; DevOps Frameworks; Security
+ Experience with CI/CD pipelines and Agile methodologies
+ Experience with Cloud security architecture and deployment models
+ Experience with LDAP, SSO, SAML, Active Directory, MFA
Data Security; Privacy;
The Main Responsibilities
+ Define or support software security design standards – building in security best practices at the beginning of the software development life cycle
+ Partner with our development teams (and business stakeholders) to set the course for secure development practices for existing and future products and features
+ Perform security design reviews and regular security assessments (analyze, assess, and remediate) to ensure systems supporting our product lines meet the established software design standards
+ Lead or support engineering for preventative solutions to solve application security issues
+ Develop or support threat modeling (threat type, impact, risk rating, counter-measures, residual risks, and gap analysis) for in-scope products
+ Lead or support security and privacy/data initiatives and ensure end-state product meets regulatory requirements
+ Interact directly with the security community regarding vulnerabilities and threats, with focus on areas that may directly impact Lumen’s enterprise and products
+ Promote security awareness, including recommended solutions and staying current on new threats, vulnerabilities and best practices
+ Provide web and cloud security guidelines and solutions to Development teams on authentication, authorization, session management, data protection (encryption)/key management, etc.
• Experience with threat modeling, security design reviews, and security architecture
• Software development experience is a plus
• Experience with CI/CD pipelines and Agile methodologies
• Experience with Cloud security architecture and deployment models
• Experience with securing highly sensitive data and maintaining its security as a top priority
• Experience with LDAP, SSO, SAML, Active Directory, MFA, etc.
• Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), ISO 27001-27002, ISO 22301, PCI, SOC 1 & SOC 2 and other applicable security and privacy laws.
What We Look For in a Candidate
+ Experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security.
+ Excellent oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff.
+ Must possess current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
+ Experience with technologies, tools and process controls to minimize risk and data exposure.
+ Understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.
+ Understanding of Microservices software development and Secure DevOps principles.
+ Understanding of virtualization technologies and virtualization security concepts
+ Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
What to Expect Next
Requisition #: 254013
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
Salary Min :
Salary Max :
This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.
This position is eligible for either short-term incentives or sales compensation. Director and VP positions also are eligible for long-term incentive. To learn more about our bonus structure, you can view additional information here. (https://jobs.lumen.com/global/en/compensation-information) We’re able to answer any additional questions you may have as you move through the selection process.
As part of our comprehensive benefits package, Lumen offers a broad range of Health, Life, Voluntary Lifestyle and other benefits and perks that enhance your physical, mental, emotional and financial wellbeing. You can learn more by clicking here. (https://centurylinkbenefits.com)
Note: For union-represented postings, wage rates and ranges are governed by applicable collective bargaining agreement provisions.
Salary Min :
Salary Max :
This information reflects the base salary pay range for this job based on current national market data. Ranges may vary based on the job’s location. We offer competitive pay that varies based on individual experience, qualifications and other relevant factors. We encourage you to apply to positions that you are interested in and for which you believe you are qualified. To learn more, you are welcome to discuss with us as you move through the selection process.To view full details and how to apply, please login or create a Job Seeker account