Job DescriptionJob ID:22002258

"Windstream is considered an essential business and we are HIRING NOW. As our company responds to COVID-19, the safety and wellbeing of our employees, customers, partners and communities is our top priority."

Specialist Info Security

Job Functions:

• Collect and develop cyber threat intelligence to apply to infrastructure and our security controls in order to protect the Windstream environment from known cyber-attack vectors.
• Continuously evaluate and improve the effectiveness of our Security Incident Event Monitoring (SIEM), providing adjustments to security tools, log ingestion and rules sets as required with the ever-changing threat landscape.
• Identify high payoff targets for cyber threat actors within the Windstream environment and ensure effective monitoring tools are in place to detect cyber threat activity.
• Identify process automation opportunities on existing incident response practices
• Drive agile automation solutions and streamline workflows to enhance detection capabilities.
• Participate in the tuning that manage the detection and response capabilities.
• Serve as the technical escalation point for Tier 1 analysts
• Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis.
• Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify potential threats to network security.
• Knowledge of IT Security principles, techniques and technologies
• Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
• Analyst will respond in a consistent and well-organized manner to help mitigate the impact of cybersecurity incidents on the Windstream environment.
• Ensures identified incidents are formally documented and tracked according to Windstream's Cyber Security policy and guidance from detection through resolution.
• Conduct threat detection and incident handling activities by leveraging security best practices and current detection/response platforms.
• Classify and prioritize threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
• Prepares and assists with log source evidence collection related PCI-DSS, SOX and other Windstream requests.
• Participate in Red/Blue team activities.
• Participates in tabletop exercises.
• Willing to work in a 24X7 support schedule.
• Provide strong subject matter expertise.
• Mentor and assist with training plans with junior analysts
• Review all rule tuning request for all of the TDR toolset.
• Conduct threat hunting exercises by leveraging security best practices and current detection/response platforms.
• Document remediation plans to contain and eradicate the threat and secure the environment
• Serve as the technical escalation point for Tier I & II analysts and or MSSP
• Knowledge and experience in analysis of various threat actor groups, attack patterns and tactics, techniques, and procedures (TTPs), deep analysis of threats across the enterprise by combining security rules, content, policy and relevant datasets
• Experience with industrial taxonomies like Cyber Kill Chain, MiTRE's ATT&CK, MiTRE's CAPEC, MiTRE's CAR, NIST, CIF, SANS and STIX 2.0

Required Skills or Experience

• Experience with current cyber threats and the associated tactics, techniques and procedures used to exploit computer networks.
• Cloud experience with AWS and/or Azure environments.
• Knowledge about exploits, vulnerabilities, and cyber attacks
• Proficiency with common cybersecurity frameworks and regulatory requirements like MITRE ATT&CK, Kill Chain, OWASP.
• Strong process execution, time management and organizational skills.
• Familiarity with performing host and network level analysis to determine compromise.
• Familiarity with performing host and network level analysis to determine compromise.
• Experience triaging security events using a variety of tools including QRADAR, FireEye, and or MVision in a security operations environment.
• Experience with packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions.
• Experience conducting incident response activities and seeing incidents through to successful remediation.
• Knowledge of IT Security principles, techniques and technologies
• Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
• Excellent analytical and problem solving skills.
• The ability to learn new technology and concepts quickly
• Strong process execution, time management and organizational skills.
• Strong understanding of malware analysis concepts and methodologies.
• Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
• Understanding of Risk Management Framework and supporting NIST Publications including FIPS 199 & 200, SP 800-53, 800-70, 800-37
• Strong Familiarity with Linux, Windows, and cyber forensic evidence concepts
• Strong Familiarity with performing host and network level analysis to determine compromise.
• Fundamental knowledge in evaluating and analyzing full packet captures
• Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Strong understanding of malware analysis concepts and methodologies.
• Ability to work independently on initiatives with little oversight.

Minimum Requirements:

College degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7+ years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.

Required Certifications

At least one of the following certifications is required or must be obtained within your first 12 months of employment: CISSP or Sans Core Training (599, 508, or 504)
Job RequirementsMinimum Req [ Link Removed ] degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7 years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.

EEO Statement:Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, genetic information, protected veteran status, current military status, disability, sexual orientation, gender identity, marital status, creed, citizenship status, or any other status protected by law, and to give full consideration to qualified disabled individuals and protected veterans. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.