Incident Response Engineer - Splunk Content Creation - Arizona / Lousi

Company: Lumen
Location: Littleton
Posted on: November 23, 2020

Job Description:

About Lumen
Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen's network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Facebook: /lumentechnologies, and YouTube: /lumentechnologies.The Main Responsibilities

• Create and support efficient Splunk Enterprise Security searches & event correlation for threat identification and alert generation.
• Partner with others for addition of event feeds into the SIEM ensuring accurate event parsing, event filtering, event aggregation, and event transmission from various sources.
• Respond to, remediate and document information security incidents related to corporate software applications as well as information security incidents not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls.
• History of securing applications and application settings withing a large corporation.
• Actively hunt the enterprise for insecure, suspicious, or malicious activity.
• Review data that is processed within the SIEM to find suspicious events as well as ineffective data.
• Verify incident source alert notifications are authentic and trusted.
• Identify and resolve incidents that are not defined by (or deviate from) an existing incident response guides.
• Assist with significant incidents as needed or assigned.
• Provide feedback for development and consistency of automated threat detection mechanisms.
• Update and maintain response guides for accuracy.
• Security projects dedicated to improving Cyber Defense Team or Lumen's security posture.
• Support and enhance Lumen's abilities to detect and respond to security incidents including internal events, targeted attacks, and all other cyber incidents.
• Ensure Corporate Security owned infrastructure, event feeds, event processing, and asset intelligence are available and operating effectively.
• Support the business units within Lumen by assisting as a liaison between Cyber Defense and other business units.
• Discover, implement, and automate of "Indicators of Compromise" in order to detect intrusions, and significantly lower time to response.
• Facilitate the coordinated response to an intrusion, minimize the impact of the threat, return the integrity of Lumen assets and network as quickly as possible.
• Research and understand initial threat vectors and create protection mechanisms to prevent threat recurrences.
• Recommend security best practices and system configuration standards.
• Facilitate and lead incident response calls; provide documentation and reports to senior management.
• Perform an on call shift rotation.
• Demonstrate effective communication skills, both verbal and written. What We Look For in a Candidate Minimum Qualifications:
  • Undergraduate degree in Computer Science Engineering, related field, or equivalent experience.
  • 5+ years of experience in incident response, computer forensics security, risk assessments, application security or network security.
  • Familiarity with project management.
  • Excellent understanding of common computing platforms, including Windows Server, RedHat Linux Server, and vendor specific appliance support.
  • Excellent understanding of securing common business applications.
  • Development experience in scripting languages such as Python or Perl.
  • Considered expert in one (or more) of the following areas: networking, operating system (MS/Unix/Linux), database, security or programming.
  • Strong work ethic, demonstrated self-starter, ability to work in a fast paced, team-oriented environment with excellent verbal and written communication skills.
  • Candidate must possess, or be willing to pursue, applicable professional/technical certifications, such as Security +, C-EH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA. Preferred Qualifications:
    • 5+ years of dedicated experience in incident response, malware reversing, or security research.
    • Proficient with regular expressions, PERL, and/or XML constructs.
    • Hands on experience using commercial Security Incident and Event Management (SIEM), "Next-generation" firewalls, web-content filtering systems, and/or Intrusion Prevention Systems.
    • Professional/technical certifications, such as Certified Information Systems Security Professional (CISSP), Security+, Microsoft Certified IT Professional, Linux Professional Institute Certifications, GIAC Certified Incident Handler (GCIH), or equivalent System Administration related certifications.
    • Experience with large enterprise data centers and/or networks and applications.
    • Experience reverse engineering malware and malware analysis. Requisition #: 232255EEO Statement
      We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.Disclaimer
      The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.
      

Keywords: Lumen, Littleton , Incident Response Engineer - Splunk Content Creation - Arizona / Lousi, Engineering , Littleton, Colorado