- Presentation Skills
- IT Experience
- Operating Systems
- Communication Skills
- Analysis Skills
The Lead Information Assurance Engineer - Federal is a member of the Operations team who will be responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with program policy, standards, procedures and industry best practices supporting a diverse 24x7 NOCs geographically separated. The engineer will assist with the development and implementation of the security program to assess and manage application security risk. The engineer will engage with both internal and external parties to include the program ISSO. The engineer will draft and recommend appropriate security procedures and methods according to established standards, assess systems and applications within the program environment for cybersecurity risks and vulnerabilities, design and test controls in a lab environment to protect information and network assets, and assess and manage application security risk in conjunction with our Program Customer of Interest. Additionally, the Senior Engineer will provide guidance, training, and assistance to junior engineers and technicians as well as peers on the Technical Analysis and Integration Team.
The successful candidate will have broad technical knowledge of current and emerging cyber threats, security technologies and methods used to protect both program and customer-facing applications using agile cybersecurity approaches. Skill in rapidly understanding new applications, systems, and platforms; and developing appropriate security controls beyond existing compliance standards is also required.
This candidate must be able to work independently and as a team leader to develop and execute strategies and consult with internal business units on advanced application and data security topics. In addition, the candidate must possess excellent oral and written communications skills and experience in presenting technical issues to a wide variety of audiences. The candidate must also have a proven analytical background in order to analyze, test, and report with detailed documentation through lab scenarios and case studies within a lab environment prior to implementation.
Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
Work with the program security team to implement and maintain compliance and technical security requirements
Conduct vulnerability scans, review and analyze vulnerability scan results, work with engineers to resolve vulnerabilities, and track vulnerability resolution
Manage the configuration of a SIEM, review and analyze audit logs, respond to SIEM alerts, track alert status, and remediate the effects of unauthorized user activity
Mange a Plan of Action & Milestones (POA&M) to ensure time resolution of outstanding vulnerabilities
Implement and evaluate DoD SRG and STIG
Track and report overall status of government required training for all team member
Experience with HP Blade Centers/Servers, Cisco FirePOWER IDS/IPS, Cisco ASA Firewall and HBSS, and Ciena optical equipment highly desired
Prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, MSSP, RAR, SCTM)
Top Secret clearance mandatory and current SCI mandatory
DoD 8570 IAT Level III certification or above required
Bachelor’s degree in an Information Technology field and three years experience or seven years applicable work experience desired.
Experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security.
Excellent oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff.
Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, CEH, GCIH, GISEC, CISM or CISA.
Experience with technologies, tools and process controls to minimize risk and data exposure.
Strong understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.
Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
Solid understanding of information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.
Analytical and problem solving skills related to networking, operating systems, and malware analysis.
Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff
Alternate Location: US-Colorado-Colorado Springs
Requisition #: 218681
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.