Lead Network Information Security Architect

The Lead Network Information Security Architect within the Global Security Services organization is responsible for conducting security risk assessments specifically targeting network infrastructures in coordination with the Lumen business owners, the Governance, Risk, and Compliance team, and the Product and Platform Security team. The purpose is to ensure compliance with corporate policy, standards, procedures, and industry best practices. The deliverables include metrics, reports, and mitigations associated with potential findings, issues, and risks that could impact Lumen or its customers.

The successful candidate will have extensive technical knowledge of current and emerging network-related cyber threats, as well as security technologies and methods used to protect corporate and customer-facing network infrastructures. This candidate must be able to work independently and as a team leader to consult with internal clients on security topics, providing designs, reviews, and recommendations.

The Main Responsibilities

• Lead assessments of potential risks specifically targeting network infrastructures, including applications, databases, cloud environments, and provide security requirements and recommendations for risk mitigation related to network security.
• Consult as a network security subject matter expert with architects, engineers, third parties and others on potential solutions.
• Recommend new network-oriented information security systems and controls to mitigate emerging threats and risks across the company's network infrastructure.
• Ensure reports and findings on network security are delivered in a timely and appropriate manner to management, operations, and executive leadership.
• Recommend new network security policy, standards, best practices, and system configuration standards. Consult with internal clients on network security topics and policy interpretation.
• Coordinate activities across multiple departments and business units, emphasizing network security principles and practices.
• Stay up-to-date with emerging security trends, vulnerabilities, and best practices, and recommend adjustments to security strategies as needed. 

What We Look For in a Candidate

• 7+ years of relevant experience, including threat modeling, security design reviews, and security architecture
• Proficiency with next-generation firewalls from major vendors such as Palo Alto, Fortinet, and Checkpoint.
• Strong understanding of IDS/IPS technology, including signatures.
• Knowledgeable in Network Detection and Response (NDR).
• Thorough understanding of routing and switching (Access Control Lists (ACLs)).
• Experience with routing protocols (BGP, OSPF, etc.).
• Understanding of proper device hardening (routers, switches, etc.)
• Insight into proper segmentation concepts and enforcement methods.
• Comprehension of Zero Trust principles and their application to functional designs.
• Foundational knowledge of identity and access management concepts/principles, including Authentication and Authorization processes.
• Experience with web application firewalls (WAF)
• Knowledge of design and hardening for bastion/jump hosts
• Proficiency with remote access methods such as user VPN and ZTNA.
• Experience with VPN configuration (IPSEC)
• Understanding of software-defined networking (SDWAN).
• Knowledge of proper methods to secure enterprise and guest WIFI.
• Experience with security architecture and deployment models.
• Experience with securing highly sensitive data.
• Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), NIST 800-171, NIST 800-53, ISO 27001-27002 and other applicable security and privacy laws.
• Strong teamwork and communication skills to collaborate with development, operations, and security teams. Ability to instill a security-first mindset throughout the organization. 
• Commitment to stay up to date with emerging industry updates, trends, security vulnerabilities, and new tools that can enhance security. Willingness to experiment with and adopt innovative solutions to improve security posture.