Employer (NYSE: CTL) is a global communications and IT services company focused on connecting its customers to the power of the digital world. Employer offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit Employer for more information.
Position Summary: The Lead Information Security Engineer is a member of the Government Services Information Assurance team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. The Lead Engineer in Systems Engineering is responsible for administrating and integrating security infrastructure, including security event feeds, event processing, and asset intelligence tools. The Lead Information Security Engineer works with the developers and system owners to ensure the systems comply with Federal Information Security Management Act (FISMA), NIST, DOD, and Intelligence Community requirements, as applicable. This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).
The successful candidate will have excellent communications skills and experience in presenting technical issues to a wide variety of audiences. In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer-facing services. The individual will coordinate activities across multiple departments and business units. This candidate must be able to work independently and as a team leader to develop and execute strategies.
- Perform as the ISSO (Information Systems Security Officer) for Federal systems.
- Lead security authorization processes and procedures. Recommend security best practices and system configuration standards.
- Write System Security Plans, POA&Ms (Plan Of Actions and Milestones), Risk Assessments, PIAs (Privacy Impact Analyses), and supporting documentation for systems subject to NIST SP 800-53.
- Achieve and maintain ATO (Authority To Operate), as required.
- Develop, implement, and evaluate security CONOPS (Concept of Operations), System Security Plans and/or System Security Authorization Agreements to satisfy Certification and Accreditation requirements in accordance with NIST 800-53, FISMA, FedRAMP, Risk Management Framework (RMF) and other government guidelines, as required.
- Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
- Manages Information Security Audits by federal departments/agencies, including third party auditors.
- Assesses emerging network system and enterprise-level risks and vulnerabilities. Advises leadership on cyber security risk management, security strategy, security project planning, and security architecture.
- Negotiates Information Security-related contracts and contract language with business partners and customers. Responds to RFPs (Requests For Proposals) and RFIs (Request For Information) from government entities.
- Experience with Nessus, dbProtect and AppScan or similar security tools. Perform scans, review the results, and write necessary reports and plans.
- Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures
- Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures
- Perform IS security briefings, report all security incidents to the ISSM (Information Systems Security Manager), and investigate, document and report, as well as provide protective and corrective measures in response to such incidents
- Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements
- Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
- Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches
- Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements
- Undergraduate degree in Computer Science Engineering, Management Information Systems, related field, or equivalent experience.
- 8 years of relevant experience with Certification and Accreditation (C&A) or Assessment and Authorization (A&A).
- Excellent understanding of common computing platforms, including Windows Server, RedHat Linux Server, and vendor specific appliance support.
- Considered expert in one (or more) of the following areas: Networking, Operating System (MS/Unix/Linux), Database, or programming skills.
- Strong work ethic, demonstrated self starter, ability to work in a fast paced, team oriented environment with excellent verbal and written and communication skills. Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), CISSP/MCSE/MCSA/CCNA/A+/Network+ Certifications.
- 8+ years of dedicated system administration, virtualization, configuration, and support work experience.
- eMass / RMF training and experience
- Current Public Trust Adjudication
- Experience with large enterprise data centers and/or networks.
Alternate Location: US-Colorado-Denver; US-Virginia-Arlington; US-Virginia-Herndon
Requisition #: 140059
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, protected statuses ). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
Associated topics: attack, cybersecurity, forensic, information assurance, information technology security, leak, phish, security analyst, security officer, threat