Security Operations Center Engineer

Company Name: CenturyLink

Location: BROOMFIELD, CO, US - 80021


About CenturyLink
CenturyLink (NYSE: CTL) is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.

The Role

Federal SOC Information Security Engineers will provide monitoring, triage, and escalation support for internal Federal SOC and External Customer operations.  The SOC Information Security Engineers will work shifts to provide 24x7x365 coverage. SOC Information Security Engineers will work in tandem with other Information Security Engineers in the Global SOC and Federal NOC Organizations.


The Main Responsibilities
  • Review the Global SOC shift-end summary and SOC activity logs, emails, tickets, cases and other monitoring tools for a complete understanding of previous shift activities and incidents, with the goal of maintaining the highest level of customer service by keeping track of critical customer-impacting issues.
  • Monitor and respond to alerts and events within SLAs. Services and systems include, but are not limited to, Splunk (internal/external SIEM), Distributed Denial of Service (DDoS) mitigation, firewall alerts (MTIPS and MSS), TrendMicro antivirus, Tripwire file integrity checks, and IDS/IPS for customers.
  • Monitor multiple ticketing systems and queues. Ensure tickets are created and notated within SLAs.
  • Login to phone call queues to answer both internal and external calls
  • Triage DDoS attacks targeting Federal Customers.
  • Work closely with FedNOC, the Federal SOC Tier II and Ops Eng teams
  • Escalate issues to Vendors, SOC Tier II and Ops Engineers as soon as there is a need
  • Adhere to all defined processes and procedures.
  • Provide process and operational improvement suggestions.


Competency requirements

  • Performs a long-term project leadership role working towards the development of new solutions, processes, tools and systems that have company-wide and possibly industry-wide impacts.
  • Frequent contact with senior leadership of customers and contractors for the purpose of creating and presenting innovative long-term solutions and managing key relationships. Acts as a resource within the engineering and scientific communities to develop solutions or handle the most complex tasks for which existing methods and procedures may not apply.
  • Provides consultation and advice to Federal customers, engineers and management regarding work functions, processes, methods, procedures, and tools. Develops and delivers technical and process training, including documentation, in areas of expertise and innovative areas of technology.


What We Look For in a Candidate
  • Have three years' operational experience with 3 or more of the following security components:
    • Tripwire, TrendMicro, WebInspect, Tenable Nessus and Qualys vulnerability scanners, Splunk, Secure Log Management, Firewalls, Intrusion Detection.
  • Demonstrate a curiosity and a security threat hunting mindset.
  • Deal with work coming from diverse sources.
  • Diagnose Tripwire events, Trend Micro events, system events and network events from 4 supported environments with dissimilar architecture.
  • Access systems and restart security application agents.
  • Perform Gemalto token PIN provisioning, repair, revocation, re-provisioning, PIN change and reset for internal and external Federal Customers.
  • Perform PIN and token tests to ascertain that Gemalto MFA functionality is working properly.
  • Create multi-factor authentication (MFA) reports.
  • Perform MFA Token migration between servers.
  • Perform user verification in AD systems as part of user authentication troubleshooting.
  • Manually perform MFA systems checks to ascertain operational status.
  • Isolate trouble to a system by process of elimination.
  • Assemble and direct SWAT teams for network-wide events.
  • Isolate BGP alerts and instruct the Federal NOC, IPSS, Strat Gov to follow up on CPE or circuit issues.
  • Run searches in Splunk Search Heads.
  • Review alerts and reports in Splunk.
  • Restart scheduled FISMA and STIGaaS compliance vulnerability scans or run ad hoc vulnerability scans.
  • Respond to CDM (Continuous Diagnostics and Mitigation) Events.
  • Perform analytics on events from customer networks per the CDM Framework.
  • Take inbound calls and work the ticket queue for internal and external customers.
  • Manage perimeter Fortigates and Palo Alto firewalls in MTIPS, FEDRAMP Gov CCC, Palo Alto with IPS.
  • Resolve customer firewall operations-related changes and tickets.
  • Notify the CenturyLink FedNOC of a customer Low category event.
  • Notify the CenturyLink FedNOC of a customer Medium category event.
  • Notify the End User Federal Agency (EUA), and then the CenturyLink FedNOC, of a customer High Category Event.

Clearance: Government Suitability Clearance up to Top Secret as required.

Certifications: CEH, GIAC Certified Incident Handler (GCIH), CCNA, NSE4.

Education: BS Computer Science or related areas with experience.

Alternate Location: US-Colorado-Broomfield; US-Minnesota-St Paul

Requisition #: 229026

EEO Statement
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).  We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.  Job duties and responsibilities are subject to change based on changing business needs and conditions.