Lumen
About Lumen
We’re looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future.
The Role
The Lead Information Security Engineer is a member of the Industrial Security team supporting Lumen Government Services and is responsible for performing cybersecurity compliance actives in support of government contracts as well as Lumen Product and Services targeting the Government market. The Lead Information Security Engineer must execute all six phases of the Risk Management Framework (RMF) process in accordance with FISMA, DoD, FIPS, and NIST requirements and policy. Responsibilities include developing RMF documentation (System Security Plan, Security Control Traceability Matrix, Plan of Action & Milestones, various Standard Operating Procedures, Continuous Monitoring Plan, etc), tracking/resolving vulnerabilities, performing continuous monitoring activities, developing security policies, and supporting cybersecurity guidance and compliance related activities. The Lead Information Security Engineer works closely with Lumen government customers (Federal and State), Lumen government program teams, Lumen operational teams, Lumen security teams, as well as Lumen Product and Services teams targeting our government customers.
A successful candidate will have excellent communications skills and experience presenting cybersecurity issues to a wide variety of audiences. The candidate must be able to work independently and as a team leader to develop and execute strategies. The candidate must possess and maintain a broad technical knowledge of current and emerging technologies used within corporate infrastructure and government customer infrastructure.
The Main Responsibilities
Perform as an Information Systems Security Officer (ISSO) for government system
Achieve and maintain ATO (Authority to Operate), as required.
Write System Security Plans (SSP), Plan of Actions & Milestones (POA&M), Continuous Monitoring Plan, Risk Assessments, Privacy Impact Analyses (PIA), and supporting documentation for systems subject to NIST SP 800-53
Lead Security Assessment and Authorization processes and procedures
Manage cybersecurity audits by federal departments/agencies, including third party auditors
Develop and complete continuous monitoring reports and briefings
Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements
Review vulnerability and compliance scan results (Nessus, Qualys, etc), and work with the various team members to remediate vulnerabilities, and track ongoing vulnerability status and remediation activities
Conduct periodic reviews to ensure compliance with established policies and procedures
Investigate and document cybersecurity incidents, as well as provide protective and corrective measures in response to such incidents
Report all cybersecurity incidents to the program Information Systems Security Managers (ISSM) through reports and briefings
Participate in the change management process to ensure changes to software, hardware, and firmware do not adversely impact the security of an environment
Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
Coordinate and participate in business development opportunities related to cybersecurity compliance to include evaluating Requests for Information (RFI) and Requests for Proposal (RFP) from government customers and documenting cybersecurity responses
Recommend security best practices and system configuration standards
What We Look For in a Candidate
6+ years or experience performing cybersecurity, certification & accreditation (C&A), or assessment & authorization (A&A) related activities
Excellent oral and written communication skills, collaboration skills, and experience in presenting cybersecurity issues to all levels of management, as well as non-technical staff
Strong work ethic, demonstrated self-starter with the ability to work in a fast paced, team-oriented environment
Uses strong interpersonal skills to build partnerships with stakeholders and peers
Ability to successfully complete Government suitability and/or Government personnel security requirements is highly desired.
Education: Bachelors or equivalent years of experience.
Professional cybersecurity certification (CISSP, CISM, GSLC, CCISO)
Equal Employment Opportunities
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status.
#J-18808-Ljbffr
#J-18808-Ljbffr