Company: Windstream Communications

Address: Remote
Form of work: Full-time
Category: Information Technology

Job description

Job Function:

The Specialist Info Security is a crucial member of the Threat Detection and Response (TDR) team, dedicated to safeguarding the Windstream environment against cyber threats. This role involves a blend of expertise in cybersecurity tactics and an analytical mindset to detect, investigate, and mitigate potential security incidents. The Specialist will act as both a subject matter expert and a mentor, fostering knowledge and skills development within the team.

Key Responsibilities:

  • Alert Management: Detect and respond to security alerts from both TDR and third-party tooling.
  • Incident Handling: Coordinate a well-structured response to cybersecurity incidents to minimize their impact.
  • Expertise Provision: Serve as a subject matter expert in information security within the organization.
  • Mentorship: Provide guidance and help develop training plans for junior team members.
  • Tool Optimization: Oversee the review and tuning of rules for all TDR tools.
  • SIEM Enhancement: Continuously improve the SIEM system, adjusting security tools, log ingestion, and rule sets in response to the evolving threat landscape.
  • Playbook Development: Create incident response playbooks based on SOC escalation metrics.
  • Automation and Streamlining: Develop and drive agile automation solutions to enhance detection capabilities, making use of Security Orchestration, Automation, and Response (SOAR) tools.
  • Threat Modeling: Conduct threat modeling exercises to maintain robust security postures.
  • Threat Hunting: Execute threat hunts on Common Vulnerabilities and Exposures (CVEs) and Indicators of Compromise (IOCs), ensuring effective monitoring.
  • Remediation Documentation: Document remediation strategies to neutralize threats and secure the environment.
  • Technical Escalation: Act as an escalation point for Tier I & II analysts or Managed Security Service Providers (MSSP).
  • Incident Response: Manage the entire incident response process, from initial alert to recovery and post-incident analysis.
  • Log Review and Engineering: Conduct log reviews and engineer the integration of log sources with security tools.
  • Policy and Documentation Maintenance: Ensure the creation and updating of cybersecurity service standards, documentation, and processes.
  • Incident Tracking: Formally document and track incidents from detection to resolution.
  • Performance Metrics: Develop metrics for Incident Response to foster process improvements.
  • Cyber Threat Intelligence: Collect and utilize threat intelligence to bolster defenses against known attack vectors.
  • Threat Classification: Prioritize threats based on intelligence and system alerts.
  • Compliance Assistance: Aid in artifact collection for compliance with standards such as PCI-DSS and SOX.
  • Team Exercises: Engage in Red/Blue team activities and participate in tabletop exercises.
  • Shift Availability: Availability to work on a 24x7 schedule to ensure continuous security coverage.

Required Skills or Experience:

  • Comprehensive knowledge of network protocols, devices, operating systems, cloud computing, and secure architectures, including proficiency in Windows, Linux, Azure, and Oracle Cloud.
  • Proficiency with SIEM, SOAR, IDS/IPS, EDR, Mail Gateways, Proxy, PKI, SYSLOG, and other network/security components.
  • Proven experience in incident response and remediation.
  • Familiarity with NIST Publications such as SP 800-53, 800-61, 800-70, 800-37.
  • Understanding of IT Security principles, techniques, and technologies.
  • Capability to conduct host and network analysis, including packet capture analysis.
  • In-depth knowledge of the MITRE ATT&CK Framework, and understanding of OWASP, Kill Chain, and other security frameworks.
  • Strong grasp of malware analysis concepts and methodologies.
  • Ability to independently manage initiatives with minimal oversight.
  • Ownership of toolsets or processes within the security domain.
  • Expertise in managing Incidents, Service Requests, Change, and Problem management processes.
  • Experience with current cyber threats and their exploitation tactics.
  • Exceptional analytical and problem-solving skills.
  • Excellent time management and organizational skills.
  • Quick learner for new technologies and concepts.

Required Certifications:

Candidates must possess or be willing to obtain within the first 12 months of employment one of the following certifications: Certified Information Systems Security Professional (CISSP) or SANS Global Information Assurance Certification (GCIH).

Our Benefits:

  • Medical, Dental, Vision Insurance Plans
  • 401K Plan
  • Health & Flexible Savings Account
  • Life and AD&D, Spousal Life, Child Life Insurance Plans
  • Educational Assistance Plan
  • Identity Theft, Legal, Auto & Home and Pet Insurance
  • https://windstreambenefits.com

Windstream DEI&B Statement:

Connecting people in a world of infinite possibilities. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. The diverse voices of our employees fuel our innovation and the inclusive, equitable culture we are building fosters belonging and empowers each one of us to create amazing customer experiences.

Our Employee Resource Groups:

  • WinVets – Veteran Employee Resource Group
  • WOW – Women Employee Resource Group
  • WINPRIDE – LGBTQ+ Employee Resource Group
  • WBPN – Black Professional Resource Group
  • WARG – Ability Resource Group
  • LaFamilia – Hispanic Resource Group

The starting compensation range for this job is: 76,300 - 104,200

Actual base pay for this job will depend on the candidate's primary work location and other factors, such as relevant skills and experience.

Job Requirements

Qualifications


Minimum Requirements: College degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7 years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.


EEO Statement:
Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, genetic information, protected veteran status, current military status, disability, sexual orientation, gender identity, marital status, creed, citizenship status, or any other status protected by law, and to give full consideration to qualified disabled individuals and protected veterans. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.

Benefits

AD&D insurance, Health insurance, Dental insurance, 401(k), Flexible spending account, Tuition reimbursement, Vision insurance, Life insurance, Pet insurance
Refer code: 8174891. Windstream Communications - The previous day - 2024-02-09 11:51
