Cybersecurity Incident Response Engineer

100% remote Flexible hours Hiring now

About the position

Lumen connects the world. We are igniting business growth by connecting people, data and applications – quickly, securely, and effortlessly. Together, we are building a culture and company from the people up – committed to teamwork, trust and transparency. People power progress. We’re looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future.

Cybersecurity Incident Response Team (CIRT) Engineers are expected to respond to and mitigate/remediate cybersecurity alerts from Lumen assets. CIRT Engineers research and recommend preventative measures in conjunction with managing reactive alerts. In addition, CIRT Engineers are responsible for evaluating current capabilities and predicting future needs, then working with internal stakeholders, vendors, and peers to anticipate, define, and pursue these capabilities.

Responsibilities

  • Respond to, remediate, and document information security incidents, including but not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls.
  • Actively hunt the enterprise for insecure, suspicious, or malicious activity.
  • Review data that is processed within the SIEM to find incident evidence and suspicious events as well as out-of-scope events.
  • Verify and validate security notifications from both internal and external sources.
  • Identify and resolve incidents that are not defined by (or deviate from) an existing incident response guide.
  • Assist with significant incidents as needed or assigned, including outside of normal business hours.
  • Provide feedback for development and consistency of automated threat detection mechanisms.
  • Update and maintain response guides for accuracy.
  • Support Security projects to improve Cyber Defense Team or Lumen's security posture.
  • Demonstrate effective communication skills, both verbal and written.

Requirements

  • Undergraduate degree in computer science, engineering, or related field, or equivalent experience.
  • Solid understanding of information security fundamentals, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts.
  • Analytical and problem-solving skills related to networking, operating systems, and malware analysis.
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security+, C|EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA.

  • Candidate must be US based and able to obtain government suitability.
  • Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
  • Experience with cloud security and cloud service providers (e.g., AWS, Azure, Google Cloud Platform).
  • Broad technical knowledge of current and emerging technologies.

Nice-to-haves

  • 4+ years of experience in incident response, computer forensics security, risk assessments, application security or network security.
  • Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of security.
  • Understanding of the following tools: SIEM, IDS/IPS, host-based anti-virus, or similar products.
  • Experience in network monitoring tools to monitor attacks/threats and doing the initial triage of findings.
  • Microsoft or UNIX (including Linux or other UNIX derivatives) operating system administration/support experience.
  • Experience with technologies, tools, and process controls to minimize risk and data exposure.
  • Development experience in scripting languages such as Python or Perl.
  • Experience in large enterprise or carrier data centers and/or networks.
