Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure global platform for applications and data to help businesses, government and communities deliver amazing experiences. Learn more about Lumen’s network, edge cloud, security and communication and collaboration solutions and our purpose to further human progress through technology at news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies and YouTube: /lumentechnologies.
We have an immediate need for a Splunk Enterprise Security Architect, to join the Security Architecture and Engineering team. In this role, you will be a part of a team that builds security products to protect the world’s largest companies, governments, and millions of homes from advanced security threats. Your specific responsibility will be to architect, engineer and oversee the deployment, configuration and support of the Splunk Enterprise Security environment. We are looking for a skilled and driven security expert capable of working independently and as part of the team, to complete tasks assigned by her/his leadership and have excellent communications skills and experience in presenting technical issues to a wide variety of audiences
The Main Responsibilities
- Architect, engineer, implement, administer, and maintain a complex and large Splunk Enterprise Security deployment, in a distributed and clustered environment, in support of the Security Operation center activities – designed to meet compliance requirements and growth while maintaining balance between performance, stability, and agility. Prior experience filtering logs and feeds for required and useful data, in order to minimize the system/data needs is desirable.
- Assist with the automation, deployment, integration, and testing of enterprise systems and services and create and optimize Big Data correlations as a Splunk search language (SPL) expert.
- Monitor and support event feeds to ensure accurate event parsing, event filtering, event aggregation, and event transmission from various sources (workstations, servers, network equipment, …) using network communication protocols, standards and systems such as SYSLOG-NG, Rsyslog, CEF, SSH/TLS, Kafka etc.
- Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts). Develop custom applications for handling a variety of data sources. Build meaningful dashboards to provide customers with insights into their data.
- Create and Maintain API and DBConnect based integrations to asset and inventory systems for contextual data gathering and augmentation, as well as provide additional services to the customer, e.g. trouble ticket submission.
- Ensure the deployments meet requirements with respect to functionality, performance, scalability, and reliability while complying with company security standards and principles
- Create and analyze utilization statistics to identify causes for system and application degradations as well as recommend required system enhancements for business case and budget approval.
- Guide routine compliance and audit functions to ensure monitoring requirements of Lumen assets are satisfied.
- Develop, modify and follow associated security operation center processes applicable to the role (e.g. change and outage management).
- Recognized as a subject matter expert within and outside of the Company. The candidate must be able to work collaboratively with diverse end users and a geographically distributed team, and engage in direct communication with Director and VP level leadership.
- Lead architectural approval and security certification processes as needed.
- Responsible for generating high quality technical documentation and configurations to support architecture and solution designs, handoffs and user training
What We Look For in a Candidate
- Undergraduate degree in Computer Science, Engineering, Information systems or related field preferred. Additional years of experience can be substituted in lieu of a degree.
- Minimum of 8+ years of experience in a technical role, including 4+ years of relevant Splunk Enterprise, Enterprise Security administration, Splunk SIEM infrastructure configuration, and support experience.
- Certifications for Splunk Enterprise Certified Architect and Splunk Enterprise Security Certified Admin.
- Experience deploying and managing the Splunk event feed, indexing, processing and analytics infrastructure.
- Experience working in a large enterprise or service provider environment.
- Knowledge of enterprise logging, including application, OS, and security technology logging.
- Experience with Ansible Tower, playbooks and general systems and/or configuration administration through use of Ansible automation, plus experience supporting and administering CentOS7, RHEL 7, etc
- Excellent understanding of common computing platforms, including: Windows, RedHat & Ubuntu Linux Servers; must be very comfortable administering servers from the command line and working with configuration files.
- 3+ years development experience with scripting languages (Python Preferred).
- Development of custom tools and programs based on specified requirements.
- Strong networking experience to aid event collection and troubleshooting.
- Experience in analyzing general system processing throughput, utilization, and capacity.
- Experience in architecting the service provider-grade security infrastructure – with specific focus on Data Analytics, Event Log management, threat detection/prevention and asset intelligence systems.
- Strong work ethic, demonstrated self-starter with a high degree of energy, enthusiasm and a can do attitude to achieve outstanding, timely, and quality results and operate at the highest levels of excellence and process efficiency.
- Strong communication, presentation and teamwork skills and prior work in a collaborative environment
- Demonstrates Company’s values, maintains a positive open demeanor, encourages different points of view; provides timely information; communicates context for business decisions; fosters teamwork and collaboration
- This role requires the ability to design, architect and implement Splunk solutions in support of cybersecurity and operations analysts and data scientists. Customers may exist within the government (Federal, state, or local) and may require a US Government personnel security clearance.
- Experience working with other big data analytics solutions (Elastic Stack, Palantir, HP ArcSight, etc.) is a plus
Working experience in security architecture design, preferably with:
- Access control and firewalls/UTM devices including Web Application Firewall (WAF), Web Content Filtering, Intrusion Detection and Prevention (IDS/IPS) systems, Remote Network Access (IPsec VPN, SSL), Anti-Virus and Anti-Spam (AV/AS), Email and Messaging Security
- Distributed Denial of Service Architecture (DDoS), Flow and Application Monitoring
- Understanding of Integrated network architectures, cloud technologies
Requisition #: 241431
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.