Job Description

Info Security Principal

The Info Security Principal serves as one of the company’s principal Info Security Engineers that can speak to the cybersecurity landscape, effective cybersecurity tools and processes, as well as discuss and present to members of diverse levels of Windstream's Cyber Security organization.  This role also partners with infrastructure and application teams to ensure visibility to vulnerabilities and continuously improve the security posture of environment.  The ideal candidate will also be capable of planning and designing effective cybersecurity processes and systems in support of the following security functions (Red Team/Pen testing, vulnerability scanning, CASB, SAST, DAST).  The individual in this position will apply proven communication, analytical and problem-solving skills to help identify, communicate, and resolve Info Security issues. 

The candidate must be well organized, results orientated, team player capable of working under a minimum of supervision.  As well as have cyber security experience, system or network management background, a strong understanding of information security risks, IT technologies, and a passion for the security discipline.

Responsibilities:

• Direct cybersecurity testing on new applications and changes to applications and supporting infrastructure.
• Lead security expert and primary point of contact for Red Team and penetration testing activities.
• Perform static application security testing (SAST) and dynamic application security testing (DAST)
• Work with the application development teams to ensure security vulnerabilities are understood, addressed, and remediated throughout the system development life cycle (SDLC).
• Assist with application security risk or compliance remediation efforts and communications.
• Prepare and present security assessment reports and recommendations to reduce cybersecurity risks to system owners and business units.
• Develop and implement security solutions that support a global connected (cloud) platform across multiple regions and countries
• Leverage web application security testing tools (Qualys, Burp Suite) and effectively communicate the identified vulnerabilities to the application team.
• Implement, maintain, and oversee Vulnerability Management for Windstream’s networks and systems.
• Support infrastructure and application teams with understanding vulnerabilities and implementing security fixes.
• Identify vulnerabilities and misconfigurations and recommend remediations where necessary.
• Adhere to all Windstream and Windstream's Cyber Security policies and procedures.
• Familiarity with security frameworks, particularly NIST Cybersecurity Framework.
• Familiarity with compliance frameworks, particularly PCI and SOX
• Maintain confidentiality of all cybersecurity incidents, events, and information.
• Periodic on-call duty which may require nights and weekend work (i.e., emergency outages, scheduled maintenance activities).
• Leads developing and communicating the cybersecurity architectural vision for supported security solutions.
• Provide strong subject matter expertise.
• Ability to effectively prioritize and execute tasks in a fast paced and rapidly changing environment.  
• Must possess strong communication skills, both verbal and writing skills.
• Team-oriented and skilled in working within a collaborative environment.
• Self-motivated and directed, strong time management and organizational skills.
• Performs other duties and responsibilities as assigned.  

Required Skills/Competencies:

• College degree or currently enrolled in business, computer science, information systems, engineering, or a related discipline or equivalent combination of education and experience required
• Security Certification (i.e., CISSP, OSCP, CSSLP, CEH, or SSCP)
• Understanding of fundamental cybersecurity concepts and technology.
• 6+ years of experience with cybersecurity initiatives, teams, and programs, 15+ years total of IT experience a plus
• Strong background in one or more of the following: Windows, Active Directory, DevOps, Linux, Mobile (Android, iOS), Web applications, backend services and servers, advanced networking, virtualization, and/or cloud infrastructure.
• Experience in some aspect of offensive security / Red Team testing (e.g., network penetration testing, application assessments, social engineering)
• Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
• Familiar with common security testing software such as web application testing (ZAP, Burp Suite, Qualys), network security tools (wireshark, nmap, snort), and penetration testing tools (Metasploit).
• Network / System Administration experience / background. 

#LI-TG1