WindStream Communications Risk and Application Security Analyst in Twinsburg, Ohio
The Security Risk Analyst II will be a part of the Application Security Team focused on code quality. The Application Security Team works with the application development teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system development life cycle (SDLC). Primary focus is to provide proactive solutions to correct vulnerabilities or mitigate security risks. In this exciting role, you will work with business units, process owners, and cutting-edge technologies to assess, detect, and mitigate security risks. The ideal candidate for this position should have IT security experience, excellent networking skills, a strong understanding of information security risks and IT technologies, and a passion for the security discipline. The Security Risk Analyst II will assist in application security testing, dynamic application system testing (DAST), developing IT security risk profiles, executing on project initiatives, and participating in governance activities to ensure risks are appropriately identified and addressed during code reviews and SDLC.
SPECIFIC RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:
The individual should demonstrate effective communication skills, an understanding of application security, and will exercise judgment within existing practices and policies.
* Perform baseline static application security assessments (SAST) on new applications and changes to applications
* Assist application security risk or compliance remediation efforts and communication
* Experience working in a consultative role providing guidance and requirements to development, systems, network and infrastructure teams, while driving the enterprise risk and security strategy and policies
* Prepare and present application security assessment reports and recommendations to reduce information security risks to system owners and business units
* Maintain partnerships with application development teams, participate in corrective action plans for identified issues
* Communicate and collaborate with multiple lines of business and information technology teams within Windstream to help provide effective solutions
* Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes and operations
* Engage in the initial requirements definition (including analysis of threats and risks and alignment with architecture standards)
* Assist with threat modeling and architecture risk analysis, including Secure SDLC testing requirements throughout the development lifecycle
* Populate, extrapolate, and maintain metrics and reporting data
* Identify enhancements to IS tools, standards, and processes
* Other duties as assigned
REQUIRED SKILLS AND EXPERIENCE:
* College degree in business, computer science, information systems, engineering, or a related discipline required or equivalent security certification
* 2 years of experience with Information Security and Risk Management initiatives, teams, and programs or equivalent course work
* Application security testing experience and development exposure
* Familiarity with Micro Focus Fortify on Demand, Trustwave App Scanner, Tenable Nessus Security Center, or similar industry tools
* Understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications
* Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
* Experience with network security technologies including firewalls, Intrusion Detection and Prevention Systems, Router ACLs, Enterprise Anti-Virus, Content Filtering, etc.
* Awareness of project management methodologies
PREFERRED SKILLS AND EXPERIENCE:
* Knowledge of software development lifecycle processes, integration of security assessments in System Development Life Cycle (SDLC) process, and secure coding practices
* Network / System Administration experience / background
* Security Certifications a plus (e.g. CISSP, CISA, CSSLP, CEH, SSCP)
* Familiarity with penetration testing practices
College degree in a Technical or related field and 2-4 years professional level experience; or 6 years professional level related Technical experience; or an equivalent combination of education and professional level related Technical experience required.
Primary Location: US-Ohio-Twinsburg
Job Category: IT
Requisition ID: 19000412
Other Locations: US-New York-Rochester, US-Arkansas-Little Rock, US-South Carolina-Greenville, US-North Carolina-Charlotte
Employment at Windstream is subject to post offer, pre-employment drug testing. Equal Opportunity Employer including minority/female/disability/veteran; Without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status. Windstream is a drug-free workplace.