
Lead Information Security Engineer - Federal

CenturyLink, Inc Herndon, VA

Job Description

CenturyLink (NYSE: CTL) is a global communications, hosting, cloud and IT services company enabling millions of customers to transform their businesses and their lives through innovative technology solutions. CenturyLink offers network and data systems management, Big Data analytics and IT consulting, and operates more than 55 data centers in North America, Europe and Asia. The company provides broadband, voice, video, data and managed services over a robust 250,000-route-mile U.S. fiber network and a 300,000-route-mile international transport network.



Position Summary: The Lead Information Security Engineer is a member of the Government Services Information Assurance team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices.  The Lead Engineer in Systems Engineering is responsible for administrating and integrating security infrastructure, including security event feeds, event processing, and asset intelligence tools.  The Lead Information Security Engineer works with the developers and system owners to ensure the systems comply with Federal Information Security Management Act (FISMA), NIST, DOD, and Intelligence Community requirements, as applicable. This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).

The successful candidate will have excellent communications skills and experience in presenting technical issues to a wide variety of audiences.  In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer-facing services.  The individual will coordinate activities across multiple departments and business units.  This candidate must be able to work independently and as a team leader to develop and execute strategies.



  • Perform as the ISSO (Information Systems Security Officer) for Federal systems.
  • Recommend security best practices and system configuration standards.
  • Consult with internal clients on security topics and policy interpretation.
  • Lead security authorization processes and procedures.
  • Write System Security Plans, POA&Ms (Plan Of Actions and Milestones), Risk Assessments, PIAs (Privacy Impact Analyses), and supporting documentation for systems subject to NIST SP 800-53.
  • Achieve and maintain ATO (Authority To Operate), as required.
  • Develop, implement, and evaluate security CONOPS (Concept of Operations), System Security Plans and/or System Security Authorization Agreements to satisfy Certification and Accreditation requirements in accordance with NIST 800-53, FISMA, FedRAMP, Risk Management Framework (RMF) and other government guidelines, as required.
  • Write BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
  • Manage Information Security Audits by federal departments/agencies, including third party auditors.
  • Assess emerging network system and enterprise-level risks and vulnerabilities. Advise leadership on cyber security risk management, security strategy, security project planning, and security architecture.
  • Negotiate Information Security-related contracts and contract language with business partners and customers. Respond to RFPs (Requests For Proposals) and RFIs (Requests For Information) from government entities.
  • Experience with Nessus, dbProtect and AppScan or similar security tools. Perform scans, review the results, and write necessary reports and plans.
  • Conduct periodic reviews to ensure compliance with established policies and procedures, ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures
  • Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures
  • Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents
  • Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements
  • Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
  • Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches
  • Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements
  • Contributor in a collaborative cross-functional team environment.


Minimum Qualifications:

  • 8+ years experience in performing security risk assessments and application, system and network security.
  • 2+ years experience with Certification and Accreditation (C&A) or Assessment and Authorization (A&A).
  • Considered expert in one (or more) of the following areas:  Networking, Operating System (MS/Unix/Linux), Database, or programming skills.
  • Strong work ethic, demonstrated self-starter, ability to work in a fast-paced, team-oriented environment with excellent verbal and written communication skills.
  • Undergraduate degree in Computer Science Engineering, Management Information Systems, related field, or equivalent experience.


Preferred Qualifications:

  • 6+ years of dedicated system administration, virtualization, configuration, and support work experience.
  • Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), CISSP/MCSE/MCSA/CCNA/A+/Network+ Certifications
  • eMass / RMF training and experience
  • Current Public Trust Adjudication
  • Experience with large enterprise data centers and/or networks.
  • Military Experience Preferred.









Alternate Location: US-Virginia-Herndon

Requisition #: 123935

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at 

EEO Statement

No Discrimination. We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training. Any offer of employment is contingent upon the results of a pre-employment drug test and background check.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.

Nearest Major Market: Baltimore

Job Segment: Information Security, Risk Management, Engineer, Corporate Security, Technology, Finance, Engineering, Security

Job Details

Date Posted October 19, 2019
Date Closes November 18, 2019
Requisition 386744900
Located In Herndon, VA
SOC Category 00-0000.00