Job Function: The Specialist Info Security is a crucial member of the Threat Detection and Response (TDR) team, dedicated to safeguarding the Windstream environment against cyber threats. This role involves a blend of expertise in cybersecurity tactics and an analytical mindset to detect, investigate, and mitigate potential security incidents. The Specialist will act as both a subject matter expert and a mentor, fostering knowledge and skills development within the team. Key Responsibilities: Alert Management: Detect and respond to security alerts from both TDR and third-party tooling. Incident Handling: Coordinate a well-structured response to cybersecurity incidents to minimize their impact. Expertise Provision: Serve as a subject matter expert in information security within the organization. Mentorship: Provide guidance and help develop training plans for junior team members. Tool Optimization: Oversee the review and tuning of rules for all TDR tools. SIEM Enhancement: Continuously improve the SIEM system, adjusting security tools, log ingestion, and rule sets in response to the evolving threat landscape. Playbook Development: Create incident response playbooks based on SOC escalation metrics. Automation and Streamlining: Develop and drive agile automation solutions to enhance detection capabilities, making use of Security Orchestration, Automation, and Response (SOAR) tools. Threat Modeling: Conduct threat modeling exercises to maintain robust security postures. Threat Hunting: Execute threat hunts on Common Vulnerabilities and Exposures (CVEs) and Indicators of Compromise (IOCs), ensuring effective monitoring. Remediation Documentation: Document remediation strategies to neutralize threats and secure the environment. Technical Escalation: Act as an escalation point for Tier I & II analysts or Managed Security Service Providers (MSSP). Incident Response: Manage the entire incident response process, from initial alert to recovery and post-incident analysis. Log Review and Engineering: Conduct log reviews and engineer the integration of log sources with security tools. Policy and Documentation Maintenance: Ensure the creation and updating of cybersecurity service standards, documentation, and processes. Incident Tracking: Formally document and track incidents from detection to resolution. Performance Metrics: Develop metrics for Incident Response to foster process improvements. Cyber Threat Intelligence: Collect and utilize threat intelligence to bolster defenses against known attack vectors. Threat Classification: Prioritize threats based on intelligence and system alerts. Compliance Assistance: Aid in artifact collection for compliance with standards such as PCI-DSS and SOX. Team Exercises: Engage in Red/Blue team activities and participate in tabletop exercises. Shift Availability: Availability to work on a 24x7 schedule to ensure continuous security coverage. Required Skills or Experience: Comprehensive knowledge of network protocols, devices, operating systems, cloud computing, and secure architectures, including proficiency in Windows, Linux, Azure, and Oracle Cloud. Proficiency with SIEM, SOAR, IDS/IPS, EDR, Mail Gateways, Proxy, PKI, SYSLOG, and other network/security components. Proven experience in incident response and remediation. Familiarity with NIST Publications such as SP 800-53, 800-61, 800-70, 800-37. Understanding of IT Security principles, techniques, and technologies. Capability to conduct host and network analysis, including packet capture analysis. In-depth knowledge of the MITRE ATT&CK Framework, and understanding of OWASP, Kill Chain, and other security frameworks. Strong grasp of malware analysis concepts and methodologies. Ability to independently manage initiatives with minimal oversight. Ownership of toolsets or processes within the security domain. Expertise in managing Incidents, Service Requests, Change, and Problem management processes. Experience with current cyber threats and their exploitation tactics. Exceptional analytical and problem-solving skills. Excellent time management and organizational skills. Quick learner for new technologies and concepts. Required Certifications: Candidates must possess or be willing to obtain within the first 12 months of employment one of the following certifications: Certified Information Systems Security Professional (CISSP) or SANS Global Information Assurance Certification (GCIH). Physical Tasks- Standing Occasionally: 0-33% | Walking Occasionally: 0-33% |Sitting Continuously: 67-100% | Bending: Occasionally: 0-33% | Crouching: Occasionally: 0-33% | Pushing-Pulling: Occasionally: 0-33% | Carrying: Occasional: 0-33% | Reaching Above Head: Occasionally: 0-33% | Lifting-Lowering >1-15 lbs: Occasionally: 0-33% | Repetitive Hand Action: Medium Dexterity: Continuously: 67-100% | Fine Manipulating: frequently: 34% - 66%Audio Visual Needs - Hearing: Continuously: 67-100%| Near Vision: Continuously: 67-100% | Far Vision: Occasionally: 0-33% | Peripheral Vision: Occasionally: 0-33%Equipment Used in Job Performance: Computer, Printer, Telephone, Basic Office Supplies, Copier Minimum Requirements: College degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7 years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required. Actual base pay for this job will depend on the candidate's primary work location and other factors, such as relevant skills and experience The starting compensation range for this job is 76,300 to 104,000