Search Jobs

CenturyLink Principal Information Security Architect - MFA / VPN / DLP in BROOMFIELD, Colorado

CenturyLink (NYSE: CTL) at is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink at for more information.

Job Description

Responsible for developing high-level architectural designs, supporting engineering, documentation, implementation, and management of modern security infrastructure, processes, and long-term strategy. You will provide architectural framework, technical guidance, and operational leadership to the senior security technology team and other technical IT staff. This senior position will have both a strategic and tactical focus around modernizing networks, platforms, application security technologies; aligning HIPAA, NIST based security controls and industry best practices. Candidates will possess superior understanding of enterprise class security technology architecture, with a specific focus on modern solutions that consider user experience with strong security capabilities. Candidate should be an expert with host and network security hardening, networking protocols, common intrusion techniques, and risk management concepts. You will work closely with the CSO, Cyber Defense, CISO, technical engineering teams, vendors, and peer to provide superior security strategy advanced over industry norms. You will provide technical guidance and architectural leadership to our security operations team, engineer design members, and other technical IT staff. This advanced leadership role will mentor other members of the Active Defense team, and assist with escalations and lead advanced troubleshooting of Active Defense technologies as needed.

Technology Primary Focus: Multi-Factor Authentication (MFA), Radius Platform, & Virtual Private Networks (VPN).

  • Develop modern MFA and VPN architecture and implementation plans, with specific focus on user experience and integrated security solutions

  • Continuously improve the time, cost, and reduce risk associated with Access Request functionality, while driving future direction and evolution of access management technologies and processes.

  • Design solutions to manage the concept of multiple identities as they may lifecycle across multiple platforms including Active Directory, KnownAccess, Gemalto, Microsoft and other MFA solutions

  • Drive creative, economical, and elegant engineering solutions for technical challenges

  • Document and communicate solutions to the rest of the engineering team, third party vendors (as required), and all stakeholders (detail appropriate to the audience).

  • Mentor and direct junior members of the team.

  • Performs other projects and duties as assigned or required.

Additional future Support areas could include: Data Loss Prevention (DLP), Mail Filtering, Firewall, Intrusion Detection (IDS), Intrusion Prevention (IPS), TACACS Management, Virtual Private Network (VPN) Concentrators. Host-Based Instruction Detection Systems (HIDS), Host-Based Intrusion Prevention System (HIPS), Acceptable Use Policy, DMCA Complaints, Privilege Account Management Solutions


  • 15 years of professional experience in network, information technology or security (preferred) relevant experience, with compliance, governance and audit understanding

  • Bachelor’s Degree: Telecommunications, Computer Science, Engineering, Cybersecurity, related field or equivalent experience

  • Direct experience in security control architecture to address security requirements; identify control deficiencies and make recommendations

  • Proven expert with security tools and concepts such as firewalls, multi-factor authentication, TACACS, virtual private networks (VPN), intrusion detection and prevention, endpoint security, mobility management, Host-Based intrusion detection and prevention, SIEM, privilege management, data loss prevention, Email Filtering.

  • Expert with health monitoring tools and technologies

  • Extensive experience with multiple operating systems; Linux, Windows, macOS, Solaris

  • Extensive knowledge of networks, applications, operating systems, databases, scripting languages, etc.

  • Strong interpersonal and written/oral communication skills

  • Proven expert in risk-based assessment methodologies, threat modeling or other risk identification techniques

  • Excellent analytical and problem-solving skills with good knowledge of tools and techniques for anticipating, recognizing and resolving technical problems pertaining to security.

  • Experience with system security vulnerabilities and remediation techniques

  • Experience in large enterprise or carrier data centers and/or networks

  • Desired Certifications:

  • CISSP, CEH, GCIH, GPEN, GWAPT, GSEC, CISM or CISA or equivalent level certifications

  • Network or Operating System certifications current or expired.

Additional Information:

  • Can work anywhere in the US

  • Occasional travel required

Alternate Location: US-Colorado-Broomfield; US-Colorado-Littleton; US-Kansas-New Century; US-Missouri-St Louis; US-Ohio-Dublin; US-Texas-Austin; US-Virginia-Arlington; US-Virginia-Ashburn; US-Virginia-Herndon; US-Washington-Bellevue

Requisition # : 209101

This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at

EEO Statement

We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.


The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.