Info Security Engineer II
The Info Security Engineer II partners with software development teams to bake security in throughout the SDLC and continuously improve the security posture of releases. This individual will lead teams to perform secure code reviews and identify remediation techniques that can be leveraged across the organization. The ideal candidate is capable of planning and designing effective Info Security processes and systems in support of the following Info Security functions (CASB, DAM, Vulnerability Scanning, SAST, DAST, Red Team/Pen testing). This individual will apply proven communication, analytical and problem-solving skills to help identify, communicate, and resolve Info Security issues.
The ideal candidate for this position should have cyber security experience, application development skills, a strong understanding of information security risks, IT technologies, and a passion for the security discipline.
- Work with software development teams to strengthen and improve overall security within Windstream-developed applications.
- You will become the lead security expert for Static Application Security Testing (SAST), and act as the point of contact for Micro Focus Fortify on Demand (FoD).
- Execute web application security testing and effectively communicate the identified vulnerabilities to the application team.
- Support software development teams in understanding software vulnerabilities, implementing security fixes, and ensuring application security scanners are utilized correctly.
- Identify vulnerabilities and misconfigurations and recommend remediations where necessary.
- Contribute to the secure software development lifecycle (SSDLC) and promotion of secure coding practices within software development teams.
- Understanding of fundamental cybersecurity concepts and technology.
- Adhere to all Windstream and Windstream's Cyber Security policies and procedures.
- Familiarity with security frameworks, particularly NIST Cybersecurity Framework.
- Familiarity with compliance frameworks, particularly PCI and SOX
- Maintain confidentiality of all cybersecurity incidents, events, and information.
- Periodic on-call duty which may require nights and weekend work (i.e., emergency outages, scheduled maintenance activities).
- Build productive relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.
- Lead the development and communication of the cybersecurity architectural vision for supported security solutions.
- Provide strong subject matter expertise.
- Ability to effectively prioritize and execute tasks in a fast-paced and rapidly changing environment.
- Must have strong verbal and written communication skills.
- Team-oriented and skilled in working within a collaborative environment.
- Self-motivated and directed, strong time management and organizational skills.
- Performs other duties and responsibilities as assigned.
- College degree or currently enrolled in business, computer science, information systems, engineering, or a related discipline or equivalent combination of education and experience required.
- Security Certification (i.e. CISSP, CISA, CSSLP, CEH, or SSCP)
- 4 years of experience with cybersecurity initiatives, teams, and programs.
- Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
- 2 years of experience with one or more programming languages (such as C , Java, .Net, Python, etc.)
- Familiar with common security testing software such as web application testing (ZAP, Burp Suite, Qualys), network security tools (Wireshark, Nmap, Snort), and penetration testing tools (Metasploit).
- Strong background in one or more of the following: Windows, Active Directory, macOS, Linux, Mobile (Android, iOS), Web applications, backend services and servers, Advanced networking, virtualization, DevOps and/or cloud infrastructure.
- Experience in some aspect of offensive security / Red Team testing (e.g., network penetration testing, application assessments, social engineering)
- Network / System Administration experience / background.
EEO Statement: Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability and veteran status. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.