LEAD INFORMATION SECURITY ENGINEER (ISSO with PQC)
Date: Jul 1, 2026
Location: Remote, US
Company: Lumen Technologies
Lumen is the trusted network for the AI‑powered world, connecting people, data, and applications through our expansive fiber network and connected ecosystem. We enable secure, high‑performance connectivity across cloud, edge, and AI workloads for enterprises, governments, and communities.
At Lumen, you’ll work on infrastructure customers rely on today and build for what’s next, where performance, security, and resilience matter.
This is a high accountability environment where bold ideas drive real innovation for our customers, partners, and industry. The work is challenging, expectations are clear, and trust is built into how we operate. If you’re ready to take ownership, deliver meaningful impact, and help shape the future of AI‑ready connectivity, join us today.
Location
This is a remote position open to candidates based anywhere in the U.S.
The Role
At Lumen, the Lead Information Security Engineer owns the development, maintenance, and defensibility of the security authorization package for assigned systems, ensuring compliance with federal requirements and readiness for assessment. In this role, you apply and refine your RMF expertise through end-to-end execution, working directly with customers and stakeholders to validate controls, surface risk, and drive remediation. Your impact is measured through the successful sustainment of Authorization to Operate (ATO) outcomes, the strength of the system’s security posture, and the ability to support secure, compliant delivery of mission-critical services.
The Lead ISSO may operate independently for smaller or less complex environments or in alignment with a Senior Lead (ISSM) for larger programs.
The successful candidate will demonstrate the ability to:
- Serve as the primary ISSO for assigned systems, accountable for end-to-end RMF execution and ATO outcomes
- Execute the full RMF lifecycle, including categorization, control implementation, assessment readiness, authorization support, and continuous monitoring
- Develop, maintain, and ensure accuracy of authorization artifacts (e.g., SSP, POA&M, control evidence)
- Ensure systems remain ATO-compliant, audit-ready, and aligned with federal requirements (e.g., FedRAMP, FISMA, DoD)
- Track, prioritize, and drive remediation of vulnerabilities, audit findings, and control deficiencies
- Provide system-level risk assessments and actionable recommendations, including impact and remediation considerations
- Monitor vulnerability, audit, and continuous monitoring data to maintain awareness of system risk posture
- Coordinate with engineering, operations, and program teams to ensure security controls are implemented effectively and sustainably
- Support security assessments, audits, and inspections as the ISSO representative, including direct interaction with assessors and customer stakeholders
- Evaluate products, services, and proposed architectures for compliance, risk, and implementation feasibility within customer authorization environments
- Support customer integration of managed services by defining control responsibilities, inheritance boundaries, and implementation expectations
- Provide input grounded in RMF execution and ATO processes to support solution design, capture efforts, and delivery alignment
The Main Responsibilities
- Strong working knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 control framework
- Demonstrated experience executing RMF activities and supporting or leading ATO outcomes for federal or DoD systems
- Experience with FedRAMP and/or FISMA authorization processes, including artifact development and assessment readiness
- Ability to independently execute RMF activities and manage system-level security posture with minimal oversight
- Strong understanding of control implementation, inheritance, and shared responsibility models within complex or hybrid environments
- Ability to assess and communicate security risk in complex architectures, translating regulatory requirements into actionable guidance
- Experience evaluating security, compliance, and delivery feasibility of products, services, and architectures
- Working knowledge of cryptographic principles and emerging standards, including post-quantum cryptography (PQC), and ability to assess vendor solutions for compliance, risk, and implementation considerations
- Strong collaboration skills across engineering, operations, program management, and security teams
- Effective written and verbal communication skills for both technical and non-technical audiences
- Demonstrates Lumen leadership behaviors (teamwork, trust, transparency, clarity, courage, customer focus, growth mindset, respect)
What We Look For in a Candidate
- Bachelor’s degree in information assurance, cybersecurity, or a related field, or equivalent experience
- Minimum of 5 years of relevant experience in information assurance, with demonstrated responsibility for RMF execution and ATO support
- Proven experience developing and maintaining authorization artifacts (e.g., SSP, POA&M) and supporting security assessments
- Experience operating in customer-facing or services-based environments supporting federal or regulated clients is strongly preferred
- Relevant certifications in governance, risk, and compliance (e.g., CGRC, CISA) are strongly preferred or equivalent demonstrated RMF experience
- Broad security certifications (e.g., CISSP, CCSP) are preferred and may supplement GRC experience
- Proficiency with technologies, tools, and processes supporting GRC, vulnerability management, and continuous monitoring
Security Requirements
- US citizenship required.
- The capability to meet the suitability requirements for a GSA public trust position is required.
Compensation
|
This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.
|
| Learn more about Lumen's: |
| Benefits |
|
#LI-Remote |
Requisition #: 342682
Life at Lumen
Life at Lumen is human and connected, even in a fast moving, AI‑focused organization. We set clear expectations and trust people to meet them. With real support and shared accountability, teams collaborate better, move faster, and deliver meaningful outcomes.
Our Lumen 8 behaviors guide how we interact, make decisions, and work together, shaping a culture built to perform and win.
To learn more about Life at Lumen and how we live the Lumen 8, please visit:
https://jobs.lumen.com/global/en/life-at-lumen
Background Screening
If you are selected for a position, there will be a background screen, which may include checks for criminal records and/or motor vehicle reports and/or drug screening, depending on the position requirements. For more information on these checks, please refer to the Post Offer section of our FAQ page. Job-related concerns identified during the background screening may disqualify you from the new position or your current role. Background results will be evaluated on a case-by-case basis.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Equal Employment Opportunities
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
Privacy Notice
Lumen is committed to protecting the privacy and security of personal information collected during the recruitment and hiring process. Our Applicant Privacy Notice explains how we collect, use, disclose, and protect applicant information, as well as how individuals may request access to or deletion of their personal data.
To review Lumen’s Global Employment Applicant and Talent Community Privacy Notice, please visit:
https://jobs.lumen.com/global/en/privacy-notice
Disclaimer
The job responsibilities described above indicate the general nature and level of work performed by employees within this classification. It is not intended to include a comprehensive inventory of all duties and responsibilities for this job. Job duties and responsibilities are subject to change based on evolving business needs and conditions.
In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
Please be advised that Lumen does not require any form of payment from job applicants during the recruitment process. All legitimate job openings will be posted on our official website or communicated through official company email addresses. If you encounter any job offers that request payment in exchange for employment at Lumen, they are not for employment with us, but may relate to another company with a similar name.
Job Segment:
Information Security, Database, Cyber Security, Engineer, Technology, Security, Engineering