IT SR ENGINEER - INFORMATION SECURITY

Company Overview

Lumos is a growing fiber service provider delivering high-speed broadband internet, Wi-Fi, digital voice, streaming TV, and other hosted communications services to residential and small business customers within Virginia, as well as in North Carolina where we are known as NorthState . We currently have an expanding network of over 5,000 routes miles of fiber with robust Fiber to the Premise (FTTP) broadband expansion plans underway to accelerate serving more homes and businesses with connectivity throughout the region. Our product offering is available to nearly 200,000 addresses and growing.

We are more than your average internet company. Our customers enjoy the fastest fiber speeds available built on a network they can truly count on - all backed by local, expert customer care teams. We know that fast, reliable Internet is what our customers need to stay connected to the things that matter. That continuous connection is our commitment to our community. Lumos and NorthState are sponsored by EQT Infrastructure, one of the most successful global private equity firms in the fiber industry space.

The Position

The Senior Information Security Engineer is responsible for protecting the confidentiality, availability, and integrity of company information systems and data, ensuring the company's policies, processes, and procedures are accurate, up-to-date, and reflect best practices, and ensuring company compliance with applicable policies, laws, regulations, and insurance requirements.

This role is responsible both for the development of new capabilities and for ongoing operations of internal security systems and processes, interfaces with multiple teams including infrastructure, operations, and development, and takes a leading technical role in researching and recommending new technology and practices.

Areas of focus for individual engineers may vary, but potential specialties include log management and SIEM, malware prevention, firewalls and intrusion detection, vulnerability management, policy, and security awareness, among others.

Duties & Responsibilities:

• Security Engineering & Automation - Plan, implement, and upgrade cybersecurity measures to protect company data. Support the development of security solutions to safeguard assets both on-premises and cloud assets. Leverage automation and act as an advocate for modern and security processes.
  
• Security Systems Administration & Monitoring - Administer and support the various systems in use by the information security team. Implement and support monitoring of systems, both on-premises and in the cloud, using Splunk or similar systems. Develop and enhance monitoring configurations to ensure visibility. Identify malicious network mapping and operating system fingerprinting activities.
  
• Vulnerability, Network, Firewall, and Identity Management - Assist in a backup capacity with conducting routine vulnerability scans and penetration tests. Analyze vulnerability results and manage the remediation process. Establish vulnerability performance indicators and develop reports. Collaborate with the networking and systems team with managing virtual private network (VPN) services, firewall requests, and multi-factor authentication.
• Tickets & Escalations, Incident Response & Investigation - Evaluate escalation requests from front line support teams and provide approvals or alternative guidance as required. Investigate reported cybersecurity incidents, creating thorough documentation of all activity and findings. Analyze identified malicious activity to determine weakness exploited, exploitation method, and remediation actions.
  
• Systems Testing and Auditing - Perform security testing against company systems. Provide support for remediation efforts as needed. Conduct routine company-wide information security assessments based on current security framework, and identify potential threats, risks, and gaps. Prepare assessment reports including assessment summaries and recommendations. Coordinate general controls audits and prepared required documentation for external audits.
  
• Security Policy - support the development and enforcement of enterprise security policies. Assist in departmental standards as appropriate. Audit systems and processes as needed.
• 
  Related duties as assigned.
  

Qualifications

• 
  B.S., Computer Science, Computer Engineering, or related field, or equivalent experience (M.S. preferred).
  
• 
  8+ years IT experience. 5+ years IT experience in a security, network infrastructure, or developer role. Security related certifications (e.g., CISSP, SANS/GIAC, GSEC, GCIH, OSCP) preferred.
  

Key Competencies:

• 
  Proficiency in at least one programming or scripting language, preferably more than one (e.g., Python, Bash, PowerShell, Java, ansible, terraform)
  
• 
  Experience with Windows, Linux, routers, firewalls and networking systems (DNS, DHCP, etc.)
  
• 
  Experience with cloud and cloud security technologies (Microsoft Azure, Office 365, Oracle Cloud, AWS)
  
• 
  Experience with a cross-section of security tools (e.g., Antivirus/EDR, Log management/SIEM)
  
• 
  Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  
• 
  Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  
• 
  Knowledge of network traffic analysis method, network mapping and recreating network topologies.
  
• 
  Knowledge of Virtual Private Network (VPN) security.
  
• 
  Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusion
  
• 
  Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to information security activities
  
• 
  Ability to work independently
  
• 
  Demonstrated commitment to ongoing skills development
  
• 
  Strong written and oral communication skills, and critical thinking and analytical skills
  

Benefits: Includes Medical, Dental, and Vision insurance, 401K, Tuition Reimbursement, Gym Reimbursement, Paid vacation/holiday leave and more.

• North Carolina, USA
• Virginia, USA
• Virtual