CenturyLink Veterans Jobs

centurylink logo
mobile centurylink logo

Job Information

CenturyLink Sr Lead Info Sec Engineer - Product/Software Development in BROOMFIELD, Colorado

About CenturyLink

CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

The Role

The Senior Lead Information Security Engineer is a member of the Enterprise Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures, and industry best practices. The engineer will engage with both internal and external parties to understand emerging threats and implement security controls within the environment to protect CenturyLink information and network assets. Additionally, the Senior Lead Engineer will provide guidance, training, and assistance to junior members.

The ideal candidate will lead the team on assessments of new products and features that CenturyLink delivers to its customers, while also formulating and implementing a method for continuous monitoring of application security as it related to the product line and its impact to the product’s security posture.

The Main Responsibilities

Define software security design standards - building in security best practices at the beginning of the software development life cycle

Partner with our development teams (and business stakeholders) to set the course for secure development practices for existing and future products and features

Perform security design reviews and regular security assessments (analyze, assess, and remediate) to ensure systems supporting our product lines meet the established software design standards

Lead engineering for preventative solutions to solve application security issues at their root

Develop threat modeling (threat type, impact, risk rating, counter-measures, residual risks, and gap analysis) for in-scope products

Lead security and privacy/data initiatives and ensure end-state product meets regulatory requirements

Interact directly with the security community regarding vulnerabilities and threats, with focus on areas that may directly impact CenturyLink’s product lines

Promote security awareness, including recommended solutions and staying current on new threats, vulnerabilities and best practices

Provide web and cloud security guidelines and solutions to Development teams on authentication, authorization, session management, data protection (encryption)/key management, etc.

Technical Experience:

Experience with threat modeling, security design reviews, and security architecture

Software development experience is a plus

Experience with CI/CD pipelines and Agile methodologies

Experience with Cloud security architecture and deployment models

Experience with securing highly sensitive data and maintaining its security as a top priority

Experience with LDAP, SSO, SAML, Active Directory, MFA, etc.

Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), ISO 27001-27002, ISO 22301, PCI, SOC 1 & SOC 2 and other applicable security and privacy laws.

What We Look For in a Candidate

  • Extensive experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security.

  • Excellent oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff.

  • Must possess current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.

  • Experience with technologies, tools and process controls to minimize risk and data exposure.

  • Strong understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.

  • Strong understanding of Microservices software development and Secure DevOps principles.

  • Strong understanding of virtualization technologies and virtualization security concepts

  • Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.

Preferred Qualifications:

  • Knowledge of information security industry and regulatory obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA, FedRAMP. HIPAA, NACHA, SSAE-16 and GDPR).

  • Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java.

  • Knowledge of project management practices.

  • Experience in large Enterprise data centers and/or networks.

What to Expect Next

Alternate Location: US-Colorado-Broomfield; US-Louisiana-Monroe

Requisition #: 228033

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

Disclaimer

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.

DirectEmployers