About the Role:
The Info Security Engineer I role partners with software development teams to bake in security throughout the SDLC and continuously improve the security posture of releases. This individual will assist in performing secure code reviews and support remediation efforts. The ideal candidate can execute effective Info Security tools and processes in support of the following Info Security functions (CASB, DAM, Vulnerability Scanning, SAST, DAST, Red Team/Pen testing). This individual will apply proven communication, analytical and problem-solving skills to help identify, communicate, and resolve Info Security issues.
The candidate for this position should have cybersecurity experience, application development skills, a strong understanding of information security risks, IT technologies, and a passion for the security discipline.
- Assess vulnerabilities in external code dependencies, and guide development towards a more secure state
- Use Micro Focus Fortify on Demand (FoD) to enable Static Application Security Testing (SAST) on Windstream-developed applications.
- Execute web application security testing (automated and/or manual) and effectively communicate the identified vulnerabilities to the application teams.
- Support software development teams in understanding software vulnerabilities, implementing security fixes, and ensuring application security scanners are optimized.
- Assist with vulnerability scans to identify system and network vulnerabilities
- Contribute to the secure software development lifecycle (SSDLC) and promotion of secure coding practices within software development teams.
- Understanding of fundamental cybersecurity concepts and technology.
- Adhere to all Windstream and Windstream's Cyber Security policies and procedures.
- Familiarity with security frameworks, particularly NIST Cybersecurity Framework and compliance frameworks, particularly PCI and SOX
- Participates in the research and identification of new and emerging technology to augment Windstream's cybersecurity posture.
- Periodic on-call duty which may require nights and weekend work (i.e., emergency outages, scheduled maintenance activities).
- Maintain confidentiality of all cybersecurity incidents, events, and information.
- Build relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.
- Provide strong subject matter expertise.
- Ability to effectively prioritize and execute tasks in a fast-paced and rapidly changing environment.
- Must have strong communication skills, both verbal and written.
- Team-oriented and skilled in working within a collaborative environment.
- Self-motivated and directed, strong time management and organizational skills.
- Performs other duties and responsibilities as assigned.
- College degree or currently enrolled in business, computer science, information systems, engineering, or a related discipline or equivalent combination of education and experience required.
- 1+ years of experience with cybersecurity initiatives, teams, and programs.
- Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
- Experience with one or more programming languages (such as C++, Java, .NET, Python, etc.)
- Familiar with common security testing software such as web application testing (ZAP, Burp Suite, Qualys), network security tools (Wireshark, Nmap, Snort), and penetration testing tools (Metasploit).
- Knowledge of network and web protocols, and Linux/Unix tools and architecture.
- Experience in one or more of the following: Windows, Active Directory, macOS, Linux, Mobile (Android, iOS), Web applications, backend services and servers, Advanced networking, virtualization, DevOps and/or cloud infrastructure.
- Experience in some aspect of offensive security / Red Team testing (e.g., network penetration testing, application assessments, social engineering).
- Network / System Administration experience / background.
College degree in a Technical or related field and 1-3 years professional level experience