Senior Information Security Engineer - Federal SOC - St Paul, MN / Broomfield, CO

Lumen Technologies, Inc


4 days ago

About Lumen
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen’s network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.

The Role

The Senior Information Security Engineer on the Cybersecurity Federal Security Operations Center (Federal SOC) team within Global SOC is primarily responsible for identifying, establishing, enhancing, and performing operational functions of vulnerability management. Operational functions include establishing and maintaining scanning capabilities, identifying vulnerabilities through scanning capabilities, and providing remediation oversight of vulnerabilities on Lumen Federal SOC servers, databases, applications, network elements, and other systems on external Customer Networks. The engineer is responsible to assist with realizing strategic security initiatives to improve the team capabilities associated with vulnerability management and vulnerability scanning methodology. The engineer will conduct penetration testing on a limited basis to assist the Federal SOC team penetration testers and to advance penetration testing skills.

The engineer must possess general knowledge of cybersecurity threats, vulnerabilities, and technologies. The engineer must possess broad knowledge of Information Security and Information Technology (IT) systems as well as a reasonable understanding in all disciplines of networking, programming, application development and system administration. The engineer must have effective oral and written communication skills to provide remediation oversight of vulnerabilities, document team procedures and processes, and assist with documents intended for executive review and approvals. The engineer must be able to work independently, as well as collaboratively with others, to foster consulting with internal partners.

The Main Responsibilities

  • Represent Federal SOC as a Subject Matter Expert (SME) regarding Lumen vulnerability scanning capabilities and methodologies.
  • Oversee the response to High severity vulnerabilities that impact Lumen systems by analyzing the vulnerabilities, identifying systems impacted, and collaborating with system owners to communicate the risk of vulnerabilities, establish remediation priority, and validate remediation efforts.
  • Coordinate and lead routine vulnerability scanning and remediation oversight on Lumen systems and external federal customer systems as required for compliance of Federal Information Security Management Act (FISMA), and other industry compliance standards as necessary.
  • Identify vulnerabilities on Lumen systems and external federal customer systems through vulnerability scanning for Lumen infrastructure, products, and services encompassing network elements, operating systems, databases, and applications across the corporate enterprise.
  • Contribute to realize strategic security initiatives to improve vulnerability management and vulnerability scanning capabilities through automation development, processes enhancements, and infrastructure expansion.
  • Create reports and generate vulnerability metrics for executive management levels to utilize in making informed business decisions that impact the security of Lumen and its Federal customers.
  • Perform operational support of vulnerability management systems and applications that the Federal SOC team is responsible to maintain and define documented procedures and processes.
  • Conduct penetration testing on a limited basis to assist the Federal SOC team penetration testers.
  • Identify deficiencies within vulnerability management and vulnerability scanning tools, procedures, and processes and provide recommendations for improvement.
  • Contribute to develop, facilitate, and maintain the Information Security Policy, Methods & Procedures, Technical Standards, Technical Best Practices, and general processes for vulnerability management.
  • Instill a security culture company-wide through vulnerability awareness and remediation mindset.


What We Look For in a Candidate

Minimum Qualifications:

  • Undergraduate degree in Information Security, Computer Science, Computer Engineering, or related field, or equivalent experience.
  • 2+ years’ experience in Information Security; or 1+ years with a Master’s degree and relevant work experience.
  • Applied experience performing vulnerability scanning and vulnerability management functions for medium to large enterprises.
  • Experience utilizing multiple vulnerability scanning tools and platforms.
  • Knowledge of current and emerging cybersecurity threats, vulnerabilities, and technologies.
  • Awareness of NIST Vulnerability Database pertaining to vulnerability severity ratings.
  • Basic knowledge of programing languages such as C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
  • General understanding of common networking protocols.
  • General understanding and experience of UNIX derivative operating system distributions – Linux RedHat, CentOS - as well as various Windows operating systems.
  • Effective oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
  • Applicable professional certification encompassing multiple foundational security domains must be in place, such as CISSP, GSEC, GCED, CEH, or Security+.


Preferred Qualifications:

  • Master’s degree in Computer Science, Engineering, related field, or equivalent experience.
  • 2+ years of experience performing vulnerability scanning full time in a large enterprise environment encompassing network elements/protocols, operating systems, databases, and applications including systems in scope for a compliance standard.
  • Applied experience performing penetration testing.
  • Applied experience with OWASP Top 10, SANS Top 20, and NIST Vulnerability Database.
  • Applied experience in application development utilizing C/C++, C#, VB.NET, ASP, PHP, PERL, Python, Java, Assembly, UNIX Shell, Microsoft PowerShell, or other programming language.
  • Experience as a network/firewall engineer, administrator, designer, implementer, or support technician with technologies, tools, and process controls to minimize risk and data exposure.
  • Awareness of information security industry and regulatory obligations (PCI, FISMA, HIPAA, ISO 27001/27002, NIST Framework) pertaining to vulnerability management.
  • Applicable specialized professional certification in the domain of vulnerability assessments or penetration testing, such as CEH, GPEN, GWEB, or OSCP.
  • Possesses a US Government Secret (or higher) security clearances or have the ability to obtain one.


Requisition #: 266357

EEO Statement
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).  We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.

Salary Min :


Salary Max :


This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.

This position is eligible for either short-term incentives or sales compensation. Director and VP positions also are eligible for long-term incentive. To learn more about our bonus structure, you can view additional information here. We're able to answer any additional questions you may have as you move through the selection process.

As part of our comprehensive benefits package, Lumen offers a broad range of Health, Life, Voluntary Lifestyle and other benefits and perks that enhance your physical, mental, emotional and financial wellbeing. You can learn more by clicking here.

Note: For union-represented postings, wage rates and ranges are governed by applicable collective bargaining agreement provisions.

Salary Min :


Salary Max :


About the Company

Lumen Technologies, Inc

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR). This revolution is redefining how we live and work, creating an unprecedented need for an advanced application delivery architecture—designed specifically to handle the complex and data-intensive workloads of next-gen technology and businesses.

We integrate network assets, cloud connectivity, security solutions and voice and collaboration tools into one platform that enables businesses to leverage their data and adopt next-generation technologies.

10,000 employees or more
Computer/IT Services