CenturyLink (NYSE: CTL) is a global communications, hosting, cloud and IT services company enabling millions of customers to transform their businesses and their lives through innovative technology solutions. CenturyLink offers network and data systems management, Big Data analytics and IT consulting, and operates more than 55 data centers in North America, Europe and Asia. The company provides broadband, voice, video, data and managed services over a robust 250,000-route-mile U.S. fiber network and a 300,000-route-mile international transport network.
The Senior Information Security Engineer is a member of the Information Security Architecture and Engineering team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. The Engineer will work with project managers and developers to assess the security risks associated with new applications and products; provide security requirements based on the Information Security Policy; coordinate vulnerability assessments; and present an overall risk assessment for the project.
The successful candidate will have broad technical knowledge of current and emerging cyber threats, as well as security technologies and methods used to protect both corporate and customer-facing network infrastructures. This candidate must be able to work independently and as a team leader to develop and execute strategies and consult with internal clients on advanced security topics, providing designs, reviews, and recommendations in compliance with corporate policy, standards, procedures, and industry best practices.
- Assess potential risks with new applications and products and provide security requirements and recommendations for risk mitigation to help the business succeed with their projects.
- Architect new information security systems and controls to mitigate emerging threats and risks across the company.
- Consult as security subject matter expert with network architects, engineers, and others on solutions to security problems.
- Ensure reports and findings are delivered in a timely and appropriate manner to management, operations and executive leadership.
- Assess operational business processes to identify opportunities to integrate security risk assessments for greatest impact.
- Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
- Analyze requests for exceptions to the Information Security Policy, identify risk mitigation steps that should be taken, and make recommendations to the business for accepting the risks associated with exceptions.
- Proactively identify higher risk areas of the corporate and carrier infrastructure for assessment.
- Work with Product Development on new security-related product offerings and services for customers.
- Coordinate activities across multiple departments and business units.
- Bachelor’s degree in Computer Science, Engineering, or related field, or 5+ years of equivalent experience.
- Extensive experience in performing security risk assessments and application, system and network security.
- Experience with technologies, tools and process controls to minimize risk and data exposure.
- Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of security.
- Must possess, or be willing to pursue, current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
- Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
- Must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
- Knowledge of information security industry and regulatory obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA, HIPAA, NACHA, and SSAE-16).
- Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java.
- Knowledge of project management practices.
- Experience in large Enterprise data centers and/or networks