Incident Response Engineer - Splunk Content Creation - Arizona / Lousi
Posted on: November 23, 2020
Lumen is guided by our belief that humanity is at its best when
technology advances the way we live and work. With 450,000 route
fiber miles serving customers in more than 60 countries, we deliver
the fastest, most secure global platform for applications and data
to help businesses, government and communities deliver amazing
experiences. Learn more about Lumen's network, edge cloud, security
and communication and collaboration solutions and our purpose to
further human progress through technology at news.lumen.com,
LinkedIn: /lumentechnologies, Facebook: /lumentechnologies, and
YouTube: /lumentechnologies.The Main Responsibilities
- Create and support efficient Splunk Enterprise Security
searches & event correlation for threat identification and alert
- Partner with others for addition of event feeds into the SIEM
ensuring accurate event parsing, event filtering, event
aggregation, and event transmission from various sources.
- Respond to, remediate and document information security
incidents related to corporate software applications as well as
information security incidents not limited to dashboard (Advanced
Threat Appliance & SIEM) alerts, tickets, emails, or phone
- History of securing applications and application settings
withing a large corporation.
- Actively hunt the enterprise for insecure, suspicious, or
- Review data that is processed within the SIEM to find
suspicious events as well as ineffective data.
- Verify incident source alert notifications are authentic and
- Identify and resolve incidents that are not defined by (or
deviate from) an existing incident response guides.
- Assist with significant incidents as needed or assigned.
- Provide feedback for development and consistency of automated
threat detection mechanisms.
- Update and maintain response guides for accuracy.
- Security projects dedicated to improving Cyber Defense Team or
Lumen's security posture.
- Support and enhance Lumen's abilities to detect and respond to
security incidents including internal events, targeted attacks, and
all other cyber incidents.
- Ensure Corporate Security owned infrastructure, event feeds,
event processing, and asset intelligence are available and
- Support the business units within Lumen by assisting as a
liaison between Cyber Defense and other business units.
- Discover, implement, and automate of "Indicators of Compromise"
in order to detect intrusions, and significantly lower time to
- Facilitate the coordinated response to an intrusion, minimize
the impact of the threat, return the integrity of Lumen assets and
network as quickly as possible.
- Research and understand initial threat vectors and create
protection mechanisms to prevent threat recurrences.
- Recommend security best practices and system configuration
- Facilitate and lead incident response calls; provide
documentation and reports to senior management.
- Perform an on call shift rotation.
- Demonstrate effective communication skills, both verbal and
written. What We Look For in a Candidate Minimum Qualifications:
- Undergraduate degree in Computer Science Engineering, related
field, or equivalent experience.
- 5+ years of experience in incident response, computer forensics
security, risk assessments, application security or network
- Familiarity with project management.
- Excellent understanding of common computing platforms,
including Windows Server, RedHat Linux Server, and vendor specific
- Excellent understanding of securing common business
- Development experience in scripting languages such as Python or
- Considered expert in one (or more) of the following areas:
networking, operating system (MS/Unix/Linux), database, security or
- Strong work ethic, demonstrated self-starter, ability to work
in a fast paced, team-oriented environment with excellent verbal
and written communication skills.
- Candidate must possess, or be willing to pursue, applicable
professional/technical certifications, such as Security +, C-EH,
OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM or CISA. Preferred
- 5+ years of dedicated experience in incident response, malware
reversing, or security research.
- Proficient with regular expressions, PERL, and/or XML
- Hands on experience using commercial Security Incident and
Event Management (SIEM), "Next-generation" firewalls, web-content
filtering systems, and/or Intrusion Prevention Systems.
- Professional/technical certifications, such as Certified
Information Systems Security Professional (CISSP), Security+,
Microsoft Certified IT Professional, Linux Professional Institute
Certifications, GIAC Certified Incident Handler (GCIH), or
equivalent System Administration related certifications.
- Experience with large enterprise data centers and/or networks
- Experience reverse engineering malware and malware analysis.
Requisition #: 232255EEO Statement
We are committed to providing equal employment opportunities to all
persons regardless of race, color, ancestry, citizenship, national
origin, religion, veteran status, disability, genetic
characteristic or information, age, gender, sexual orientation,
gender identity, marital status, family status, pregnancy, or other
legally protected status (collectively, "protected statuses"). We
do not tolerate unlawful discrimination in any employment
decisions, including recruiting, hiring, compensation, promotion,
benefits, discipline, termination, job assignments or
The above job definition information has been designed to indicate
the general nature and level of work performed by employees within
this classification. It is not designed to contain or be
interpreted as a comprehensive inventory of all duties,
responsibilities, and qualifications required of employees assigned
to this job. Job duties and responsibilities are subject to change
based on changing business needs and conditions.
Keywords: Lumen, Littleton , Incident Response Engineer - Splunk Content Creation - Arizona / Lousi, Engineering , Littleton, Colorado
Didn't find what you're looking for? Search again!