100 REMOTE CONTRACT TO HIRE POSITION Areas to focus on aside from the jobs scope - Lead Sr Lead Experience with threat modeling, security design reviews, and security architecture Software development lifecycle DevOps Frameworks Security Experience with CICD pipelines and Agile methodologies Experience with Cloud security architecture and deployment models Experience with LDAP, SSO, SAML, Active Directory, MFA Data Security Privacy Entire job scopeorporate policy, standards, procedures, and industry best practices. The engineer will engage with both internal and external parties to understand emerging threats and implement security controls within the environment to protect Lumen information and network assets. The ideal cand The Information Security Engineer is a member of the Enterprise Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with cidate will lead or support assessments of new products and features that Lumen delivers to its customers, while also formulating and implementing a method for continuous monitoring of application security as it related to the product line and its impact to the productrsquos security posture. Define or support software security design standards - building in security best practices at the beginning of the software development life cycle bull Partner with our development teams (and business stakeholders) to set the course for secure development practices for existing and future products and features bull Perform security design reviews and regular security assessments (analyze, assess, and remediate) to ensure systems supporting our product lines meet the established software design standards bull Lead or support engineering for preventative solutions to solve application security issues at their root bull Develop or support threat modeling (threat type, impact, risk rating, counter-measures, residual risks, and gap analysis) for in-scope products bull Lead or support security and privacydata initiatives and ensure end-state product meets regulatory requirements bull Interact directly with the security community regarding vulnerabilities and threats, with focus on areas that may directly impact Lumen's product lines bull Promote security awareness, including recommended solutions and staying current on new threats, vulnerabilities and best practices bull Provide web and cloud security guidelines and solutions to Development teams on authentication, authorization, session management, data protection (encryption)key management, etc. Technical Experience bull Experience with threat modeling, security design reviews, and security architecture bull Software development experience is a plus bull Experience with CICD pipelines and Agile methodologies bull Experience with Cloud security architecture and deployment models bull Experience with securing highly sensitive data and maintaining its security as a top priority bull Experience with LDAP, SSO, SAML, Active Directory, MFA, etc. bull Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), ISO 27001-27002, ISO 22301, PCI, SOC 1 SOC 2 and other applicable security and privacy laws. Minimum Qualifications Experience in the administration, design and implementation of security controls including experience in applying methodologies and principles for all levels of security. Excellent oral and written communication skills, collaboration skills, and experience in presenting technical issues to all levels of management, as well as non-technical staff. Must possess current applicable professionaltechnical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA. Experience with technologies, tools and process controls to minimize risk and data exposure. Understanding of common computing attack vectors information, host and network security hardening and requirements networking protocols common intrusion techniques and common risk management concepts. Understanding of Microservices software development and Secure DevOps principles. Understanding of virtualization technologies and virtualization security concepts Broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services. Preferred Qualifications Knowledge of information security industry and regulatory obligations (ISO 2700127002, SOX, PCI, NIST Framework, FISMA, FedRAMP. HIPAA, NACHA, SSAE-16 and GDPR). Application development andor source code review experience in CC++, C, VB.NET httpVB.NET , ASP, PHP, PERL, Python, or Java. Knowledge of project management practices. Experience in large Enterprise data centers andor networks.