Job DescriptionJob ID:22002848

Info Security Engineer II

The Info Security Engineer II role partners with infrastructure and application teams to ensure visibility to vulnerabilities and continuously improve the security posture of environment. This individual will work closely with network engineering, product groups and infrastructure staff while performing cyber security vulnerability assessments through Vulnerability and Compliance scanning, Static Application Security Testing, Dynamic Application Security Testing, and ensuring proper reporting of vulnerabilities. The ideal candidate will also be capable of planning and designing effective Cyber Security processes and systems in support of the following security functions (Vulnerability Scanning, CASB, SAST, DAST, DAM, Red Team/Pen testing). The person in this position will apply proven communication, analytical and problem-solving skills to help identify, communicate, and resolve Info Security issues.

The candidate should have cyber security experience, system or network management background, a strong understanding of information security risks, IT technologies, and a passion for the security discipline.

Responsibilities:

• Implement, maintain, and monitor Vulnerability Management for Windstream's networks and systems.
• You will become the lead security expert for vulnerability scans, and act as a point of contact for Qualys VMDR.
• Ensure vulnerability scanners (Qualys Virtual Appliance) are utilized effectively.
• Execute baseline configuration (CIS) scans and evaluate and review for compliance to security baseline standards.
• Assist with web application security testing (Qualys WAS, Burp Suite) and effectively communicate the identified vulnerabilities to the application team.

• Adhere to and promote all Windstream and Windstream's Cyber Security policies and procedures.
• Familiarity with security frameworks, particularly NIST Cybersecurity Framework.
• Familiarity with compliance frameworks, particularly PCI and SOX
• Maintain confidentiality of all cybersecurity incidents, events, and information.
• Periodic on-call duty which may require nights and weekend work (i.e., emergency outages, scheduled maintenance activities).

• Build productive relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.
• Provide strong subject matter expertise.
• Ability to effectively prioritize and execute tasks in a fast paced and rapidly changing environment.
• Must have strong communication skills, both verbal and writing skills.
• Team-oriented and skilled in working within a collaborative environment.

• Self-motivated and directed, strong time management and organizational skills.
• Performs other duties and responsibilities as assigned.

Required Skills/Competencies:

• College degree or currently enrolled in business, computer science, information systems, engineering, or a related discipline or equivalent combination of education and experience required

• Security Certification (i.e., CISSP, CISA, CSSLP, CEH, or SSCP)
• 4+ years of experience with cybersecurity initiatives, teams, and programs
• Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
• Minimum of two (2) years IT Server or Network Engineering experience
• Understanding of Microservices and container vulnerability management (AquaSec)

• Familiar with common security testing software such as web application testing (ZAP, Burp Suite, Qualys), network security tools (wireshark, nmap, snort), and penetration testing tools (Metasploit)
• Strong background in one or more of the following: Windows, Active Directory, macOS, Linux, Mobile (Android, iOS), Web applications, backend services and servers, Advanced networking, virtualization, DevOps and/or cloud infrastructure
• Experience in some aspect of offensive security / Red Team testing (e.g., network penetration testing, application assessments, social engineering)
• Network / System Administration experience / background.

Job RequirementsMinimum Requirements: College degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7 years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.

EEO Statement:Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, genetic information, protected veteran status, current military status, disability, sexual orientation, gender identity, marital status, creed, citizenship status, or any other status protected by law, and to give full consideration to qualified disabled individuals and protected veterans. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.