Information Security Specialist at Uniti
United States, USA
Full Time


Start Date

Immediate

Expiry Date

30 Nov, 25

Salary

76300.0

Posted On

01 Sep, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Information Technology/IT

Description

Windstream Holdings, Inc., is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the U.S.

  • Kinetic is a premier internet solutions provider on a mission to deliver ultra-fast, reliable internet to consumers and small businesses across the U.S., helping them Internet better™.
  • Windstream Enterprise is a leading managed services provider providing strategic communications and security products to mid-size businesses and enterprise clients.
  • Windstream Wholesale provides high-capacity, high-performance networking solutions and services to other telecom carriers, data centers, content providers and enterprises.

The Windstream team provides innovative software and network solutions to connect people and empower business in a world of infinite possibilities!



Responsibilities

ABOUT THE ROLE:

The Information Security Specialist is a crucial member of the Threat Detection and Response (TDR) team, dedicated to safeguarding the Uniti environment against cyber threats. This role involves a blend of expertise in cybersecurity tactics and an analytical mindset to detect, investigate, and mitigate potential security incidents. The Specialist will act as both a subject matter expert and a mentor, fostering knowledge and skills development within the team.

WHAT YOU’LL DO:

  • Alert Management: Detect and respond to security alerts from both TDR and third-party tooling.
  • Incident Handling: Coordinate a well-structured response to cybersecurity incidents to minimize their impact.
  • Expertise Provision: Serve as a subject matter expert in information security within the organization.
  • Mentorship: Provide guidance and help develop training plans for junior team members.
  • Tool Optimization: Oversee the review and tuning of rules for all TDR tools.
  • SIEM Enhancement: Continuously improve the SIEM system, adjust security tools, log ingestion, and rule sets in response to the evolving threat landscape.
  • Playbook Development: Create incident response playbooks based on SOC escalation metrics.
  • Automation and Streamlining: Develop and drive agile automation solutions to enhance detection capabilities, making use of Security Orchestration, Automation, and Response (SOAR) tools.
  • Threat Modeling: Conduct threat modeling exercises to maintain robust security postures.
  • Threat Hunting: Execute threat hunts on Common Vulnerabilities and Exposures (CVEs) and Indicators of Compromise (IOCs), ensuring effective monitoring.
  • Remediation Documentation: Document remediation strategies to neutralize threats and secure the environment.
  • Technical Escalation: Act as an escalation point for Tier I & II analysts or Managed Security Service Providers (MSSP).
  • Incident Response: Manage the entire incident response process, from initial alert to recovery and post-incident analysis.
  • Log Review and Engineering: Conduct log reviews and engineer the integration of log sources with security tools.
  • Policy and Documentation Maintenance: Ensure the creation and updating of cybersecurity service standards, documentation, and processes.
  • Incident Tracking: Formally document and track incidents from detection to resolution.
  • Performance Metrics: Develop metrics for Incident Response to foster process improvements.
  • Cyber Threat Intelligence: Collect and utilize threat intelligence to bolster defenses against known attack vectors.
  • Threat Classification: Prioritize threats based on intelligence and system alerts.
  • Compliance Assistance: Aid in artifact collection for compliance with standards such as PCI-DSS and SOX.
  • Team Exercises: Engage in Red/Blue team activities and participate in tabletop exercises.
  • Shift Availability: Be available to work a 24x7 schedule to ensure continuous security coverage.