SR INFORMATION SECURITY ENGINEER - Cybersecurity Incident Response
Lumen Technologies · United States · Yesterday
RemoteRemoteInformation Technology$85k–$113k/yrFull-time
Main Responsibilities
- Respond to, remediate, and document information security incidents not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls.
- Actively hunt the enterprise for insecure, suspicious, or malicious activity.
- Review data that is processed within the SIEM to find incident evidence and suspicious events as well as out-of-scope events.
- Verify and validate security notifications from both internal and external sources.
- Identify and resolve incidents that are not defined by (or deviate from) an existing incident response guide.
- Assist with significant incidents as needed or assigned, including outside of normal business hours.
- Provide feedback for development and consistency of automated threat detection mechanisms.
- Update and maintain response guides for accuracy.
- Support Security projects to improve Cyber Defense Team or Lumen's security posture.
Minimum Qualifications
- Bachelor’s in Computer Science, Engineering, or related field (or equivalent experience)
- Strong understanding of security fundamentals: host/network hardening, networking protocols, intrusion techniques, and risk management
- Analytical/problem-solving skills across networking, operating systems, and malware analysis
- Relevant certifications (or willingness to obtain): Security+, CEH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM, or CISA
- U.S.-based and able to obtain government suitability
- Effective communication skills; able to present technical concepts to both technical and non-technical audiences
- Experience with cloud security (AWS, Azure, GCP)
- Broad knowledge of current and emerging technologies
Preferred Qualifications
- 4+ years in incident response, forensics, risk assessments, application or network security
- Experience in network/firewall engineering, design, and implementation
- Familiarity with security tools (SIEM, IDS/IPS, endpoint protection)
- Experience monitoring threats and performing initial triage
- Microsoft or UNIX/Linux administration
- Experience implementing controls to reduce risk and data exposure
- Scripting experience (Python or Perl)
- Experience in large enterprise or carrier-scale environments