Analyst II-Info Security in Work From Home at Windstream

Date Posted: 2/15/2021

Job Snapshot

  • Employee Type:
    Full-Time
  • Job Type:
  • Experience:
    2 to 4 years
  • Date Posted:
    2/15/2021

Job Description

Job ID: 21000657

Security Risk Analyst II

The Security Risk Analyst II will be a part of the Security & Vulnerability Testing Team focused on vulnerability and application testing. The Application Security Team works with the application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC). The primary focus is to provide proactive solutions to correct vulnerabilities or mitigate security risks. In this exciting role, you will work with business units, process owners, and cutting-edge technologies to assess, detect, and mitigate security risks. The ideal candidate for this position should have IT security experience, excellent networking skills, a strong understanding of information security risks and IT technologies, and a passion for the security discipline. The Security Risk Analyst II will assist in application security testing, dynamic application system testing (DAST), developing IT security risk profiles, executing on project initiatives, and participating in governance activities to ensure risks are appropriately identified and addressed during code reviews and the SDLC.

SPECIFIC RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:

The individual should demonstrate effective communication skills, an understanding of application security, and will exercise judgment within existing practices and policies.

  • Perform baseline static application security assessments (SAST) on new applications and changes to applications
  • Assist application security risk or compliance remediation efforts and communication
  • Experience working in a consultative role providing guidance and requirements to development, systems, network and infrastructure teams, while driving the enterprise risk and security strategy and policies
  • Prepare and present application security assessment reports and recommendations to reduce information security risks to system owners and business units
  • Maintain partnerships with application development teams, participate in corrective action plans for identified issues
  • Communicate and collaborate with multiple lines of business and information technology teams within Windstream to help provide effective solutions
  • Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes and operations
  • Engage in the initial requirements definition (including analysis of threats and risks and alignment with architecture standards)
  • Assist with threat modeling and architecture risk analysis, including Secure SDLC testing requirements throughout the development lifecycle
  • Populate, extrapolate, and maintain metrics and reporting data
  • Identify enhancements to IS tools, standards, and processes
  • Other duties as assigned

REQUIRED SKILLS AND EXPERIENCE:

  • College degree in business, computer science, information systems, engineering, or a related discipline required or equivalent security certification
  • 2+ years of experience with Information Security and Risk Management initiatives, teams, and programs or equivalent course work
  • Application security testing experience and development exposure
  • Familiarity with Micro Focus Fortify on Demand, Trustwave App Scanner, Tenable Nessus Security Center, or similar industry tools
  • Understanding of the information control areas for applications, including authentication, authorization, access control, auditing, and cryptography
  • Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
  • Experience with network security technologies including firewalls, Intrusion Detection and Prevention Systems, router ACLs, enterprise anti-virus, content filtering, etc.
  • Awareness of project management methodologies

PREFERRED SKILLS AND EXPERIENCE:

  • Knowledge of software development lifecycle processes, integration of security assessments in System Development Life Cycle (SDLC) process, and secure coding practices
  • Network / System Administration experience / background
  • Security certifications a plus (e.g. CISSP, CISA, CSSLP, CEH, SSCP)
  • Familiarity with penetration testing practices

Job Requirements

Minimum Requirements: 

College degree in a Technical or related field and 2-4 years professional level experience; or 6 years professional level related Technical experience; or an equivalent combination of education and professional level related Technical experience required.



EEO Statement: Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability and veteran status. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.