CenturyLink Information Security Engineer I - Federal SOC in BROOMFIELD, Colorado
CenturyLink (NYSE: CTL) at http://www.centurylink.com/ is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.
Federal SOC Information Security Engineers will provide monitoring, triage, and escalation support for internal Federal SOC and External Customer operations. The SOC Information Security Engineers will work shifts to provide 24x7x365 coverage. SOC Information Security Engineers will work in tandem with other Information Security Engineers in the Global SOC and Federal NOC Organizations.
Review Global SOC Shift end Summary and SOC activity logs, emails, tickets, cases and other monitoring tools for complete understanding of previous shift activities and incidents with the goal of maintaining the highest level of customer service by keeping track of the critical customer impacting issue.
Provide monitoring and responding to alerts and events within SLAs. Services and systems include but not limited to Splunk (internal/external SIEM), DDOS- Distributed Denial of Services mitigation, Firewalls alerts (MTIPS and MSS), TrendMicro Anti Virus, Tripwire File Integrity Checks, IDS/IPS for customers.
Monitor multiple ticketing systems and queues. Ensure tickets are created and notated within SLAs
Login to phone call queues to answer both internal and external calls.
Triage DDOS attacks targeted on Federal Customers.
Work closely with FedNOC, the Federal SOC Tier II and Ops Eng teams
Escalate issues to Vendors, SOC Tier II and Ops Engineers as soon as there is a need
Adhere to all defined processes and procedures.
Provide process and operational improvement suggestions.
Have minimum two years operational experience with 3 or more of the following security components.
Tripwire, TrendMicro, WebInspect, Tennable Nessus and Qualys vulnerability scanners, Splunk, Secure Log Management, Firewalls, Intrusion Detection.
Demonstrate a curiosity and a security threat hunting mindset.
Deal with work coming from diverse sources.
Diagnose Trip Wire Events, Trend Micro Events, System Events, Network Events from 4 Supported Environments with dissimilar architecture.
Access systems and restart security application agents.
Perform Gemalto Token PIN Provisioning, Repair, Revocation, re-provisioning, PIN change, Reset for internal and external Federal Customers.
Perform PIN and Token Tests to ascertain Gemalto MFA functionality is working properly.
Create multi-factor authentication (MFA) reports.
Perform MFA Token migration between servers.
Perform user verification in AD Systems as part of user authentication troubleshooting.
Manually perform MFA systems checks to ascertain operational status.
Isolate trouble to a system by process of elimination.
Assemble and direct SWAT teams for Network wide Events.
Isolate BGP alerts and instruct the Federal NOC, IPSS, Strat Gov to follow-up on CPE or Circuit Issues.
Run searches in Splunk Search Heads.
Review alerts and reports in Splunk
Restart scheduled FISMA and STIGaaS Compliance vulnerability Scan or run adhoc Vulnerability Scans.
Respond to CDM (Continuous Diagnostics and Mitigation) Events.
Perform Analytics on events from customer networks per CDM Framework.
Take inbound call and work Ticket Queue for internal and external customers.
Manage Perimeter Fortigates and Palo Alto Firewalls in MTIPS, FEDRAMP Gov CCC, Palo Alto with IPS.
Resolve Customer Firewall Operations related changes and tickets.
Notify the CenturyLink FedNOC of a customer Low category event.
Notify the CenturyLink FedNOC of a customer Medium category event.
Notify the End User Federal Agency (EUA), and then the CenturyLink FedNOC, of a customer High Category Event.
Shift: Overnight M-F; Overnight including weekends.
Clearance: Government Suitability Clearance up to Top Secret as required
Certifications: CEH, GIAC Certified Incident Handler (GCIH), CCNA, NSE4
Education: Associate Degree or BS in Computer Science.
Alternate Location: US-Colorado-Broomfield; US-Minnesota-St Paul
Requisition # : 220946
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.