Security Engineer - Incident Response - Broomfield, CO / St Paul, MN / Herdon, VA
Company: Lumen Technologies
Location: Saint Paul
Posted on: June 10, 2021
Lumen is guided by our belief that humanity is at its best when
technology advances the way we live and work. With 450,000 route
fiber miles serving customers in more than 60 countries, we deliver
the fastest, most secure global platform for applications and data
to help businesses, government and communities deliver amazing
experiences. Learn more about Lumen's network, edge cloud, security
and communication and collaboration solutions and our purpose to
further human progress through technology at news.lumen.com,
LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook:
/lumentechnologies, Instagram: @lumentechnologies and YouTube:
Federal SOC Information Security Engineers will provide
monitoring, triage, and escalation support for internal Federal SOC
and External Customer operations. The SOC Information Security
Engineers will work shifts to provide 24x7x365 coverage. SOC
Information Security Engineers will work in tandem with other
Information Security Engineers in the Global SOC and Federal NOC
The position will be responsible for establishing technical
processes focused on Incident Response and Threat Hunting. This
includes developing a training and certification framework enabling
the success of Federal Incident Response Team individual
contributors and performing security event management functions -
monitoring, detection, triage of security events and alerts in
Security Information Event Monitor (SIEM) and associated monitoring
The Main Responsibilities
- Support and enhance CenturyLink's abilities to detect and
respond to security incidents including internal events, targeted
attacks and all other cyber incidents
- Actively hunt the enterprise for insecure, suspicious or
- Update and maintain response guides for accuracy.
- Remediate and document information security incidents not
limited to dashboard (Advanced Threat Appliance & SIEM) alerts,
tickets, emails, or phone calls.
- Ensure infrastructure, event feeds, event processing, and asset
intelligence are available and operating effectively.
- Discover, implement and automate of "Indicators of Compromise"
in order to detect intrusions, and significantly lower time to
- Facilitate the coordinated response to an intrusion, minimize
the impact of the threat, return the integrity of customer assets
and network as quickly as possible.
- Assist with significant incidents as needed or assigned.
- Research and understand initial threat vectors and create
protection mechanisms to prevent threat recurrences.
- Recommend security best practices and system configuration
- Facilitate and lead Federal customer incident response calls;
provide documentation and reports to Federal customers and senior
- Analyze malware, network indicators, and call back channels,
and design and implement detection mechanisms.
- Identify new technology to be reviewed by the Incident Response
- Maintain both internal and customer facing incident
documentation, participate in post-mortems, and write incident
- Support Incident Response Team by managing projects that have
high visibility by management.
- Identify and mitigate real-time attacks through the leveraging
of multiple sourced, correlated data such as host and network-based
IDS/IPS data, forensic data, and antivirus. This could include
signature, flow, anomaly, and full packet capture analysis.
- Maintain an expert knowledge of modern hacker tools,
methodology, and attack trends.
- Perform an on-call shift rotation.
- Demonstrate effective communication skills, both verbal and
What We Look For in a Candidate
- Undergraduate degree in Computer Science Engineering, related
field, or equivalent experience.
- 2+ years of relevant work experience in incident response,
computer forensics security, risk assessments, application security
and network security.
- An active security clearance or the ability to obtain one may
be required for this role.
- Strong work ethic, demonstrated self-starter, ability to work
in a fast paced, team-oriented environment with excellent verbal
and written and communication skills.
- Excellent understanding of common computing attack
- Considered expert in one (or more) of the following areas:
Networking, Operating System (MS/Unix/Linux), database, or
- Candidate must possess, or be willing to pursue, applicable
professional/technical certifications, such as Security +, C|EH,
OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
- 5+ years of dedicated incident response and computer forensics
- Professional/technical certifications, such as Certified
Information Systems Security Professional (CISSP), GIAC Certified
Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA),
GIAC Reverse Engineering Malware (GREM), Certified Ethical Hacker
(CEH), Offensive Security Certified Professional (OSCP) or
equivalent certifications in these areas.
- Development experience in scripting languages such as Python or
- Hands on experience using commercial Security Incident and
Event Management (SIEM), "Next-generation" firewalls, web-content
filtering systems, and/or Intrusion Prevention Systems.
- Experience in writing custom Fortinet IDS/IPS signatures and
interpreting Snort output.
- Experience with large enterprise data centers and/or
Requisition #: 248500
We are committed to providing equal employment opportunities to
all persons regardless of race, color, ancestry, citizenship,
national origin, religion, veteran status, disability, genetic
characteristic or information, age, gender, sexual orientation,
gender identity, marital status, family status, pregnancy, or other
legally protected status (collectively, "protected statuses"). We
do not tolerate unlawful discrimination in any employment
decisions, including recruiting, hiring, compensation, promotion,
benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to
indicate the general nature and level of work performed by
employees within this classification. It is not designed to contain
or be interpreted as a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees assigned
to this job. Job duties and responsibilities are subject to change
based on changing business needs and conditions.
Salary Min :
Salary Max :
This information reflects the anticipated base salary range for
this position based on current national data. Minimums and maximums
may vary based on location. Individual pay is based on skills,
experience and other relevant factors.
This position is eligible for either short-term incentives or
sales compensation. Director and VP positions also are eligible for
long-term incentive. To learn more about our bonus structure, you
can view additional information here. We're able to answer any
additional questions you may have as you move through the selection
As part of our comprehensive benefits package, Lumen offers a
broad range of Health, Life, Voluntary Lifestyle and other benefits
and perks that enhance your physical, mental, emotional and
financial wellbeing. You can learn more by clicking here.
Note: For union-represented postings, wage rates and ranges are
governed by applicable collective bargaining agreement
Salary Min :
Salary Max :
This information reflects the base salary pay range for this job
based on current national market data. Ranges may vary based on the
job's location. We offer competitive pay that varies based on
individual experience, qualifications and other relevant factors.
We encourage you to apply to positions that you are interested in
and for which you believe you are qualified. To learn more, you are
welcome to discuss with us as you move through the selection
Keywords: Lumen Technologies, St. Paul , Security Engineer - Incident Response - Broomfield, CO / St Paul, MN / Herdon, VA, Other , Saint Paul, Minnesota
Didn't find what you're looking for? Search again!