University Staff Description University of Colorado Anschutz Medical Campus
Department: Information Security and IT Compliance (ISIC)
Job Title: Pro/Sr./Principal Application Security Engineer
Position - Requisition
Job Summary:
Does this describe you?
Do you enjoy using your skills to hunt and resolve threats against web applications? Do you thrive in a fast-paced work environment? Would your work be more rewarding for you if you were working for an organization whose missions include transforming lives, uplifting communities, improving healthcare, and creating breakthroughs in medical research? Would you enjoy having holidays off, great vacation benefits and the opportunity to work in a hybrid environment? We have a dynamic, diverse Security Operations team with highly skilled, collaborative professionals that love to learn and enjoy solving problems. If these things sound like a good fit for you, we'd love to know more about YOU.
Security Administration:
• Configure, deploy, and manage web application firewalls to protect web applications from attacks, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.
• Continuously monitor web application firewall alerts and logs to identify and respond to potential security incidents.
• Develop and maintain web application firewall policies and rules to ensure optimal protection and performance of web applications.
• Investigate and respond to security incidents related to web application firewalls and enterprise applications, providing detailed analysis and remediation steps.
• Collaborate with development and operations teams to integrate web application firewall solutions into the application development lifecycle.
• Develop and enforce application security policies, standards, and guidelines to ensure compliance with industry best practices and regulatory requirements.
• Monitor threat feeds that provide information about updates, patches, and recommended security controls for applications.
• Collaborate with Security Operations and system administrators to test and implement recommended security controls
Risk Assessment, Tracking, Documentation, and Reporting:
• Identify and track web application firewalls and enterprise applications.
• Conduct risk assessments, identify gaps, and collaborate with Security Operations and system administrators to implement controls to remediate security and compliance issues affecting applications
• Manage and track the remediation of identified vulnerabilities, working closely with development teams to ensure timely resolution.
• Establish and report metrics associated with web application firewall performance and security
• Regularly report on the security, compliance, and risk status of the inventory of web application firewalls and enterprise applications
Work Location:
Hybrid - This position is eligible for a hybrid work environment. ISS strives for a high-flex work environment, meaning the role requires flexibility to meet in person for meetings and other activities as needed. The work schedule will be based around core working hours in Colorado Mountain Time.
Why Join Us:
Information Strategy and Service (ISS) is a large department that encompasses the Office of Information Technology (OIT), Information Security and IT Compliance (ISIC), Enterprise Architecture (EA), and Information, Data Empowerment and Assurance (IDEA). In Information Strategy and Services (ISS) we emphasize six key principles that connect our teams and ensure our success:
• Curiosity- Explore beyond one's own experience and environment.
• Compassion- Demonstrates empathy, understanding, and respect for all people.
• Collaboration- Partner well beyond our space and build partnerships to achieve organizational results.
• Commitment- Dedication and engagement one has to their job, team, organization and university.
• Competence- Know our craft and be committed to continuous improvement and learning.
• Confidence- Be empowered and assured to represent our customers and their needs.
We improve lives by enabling our university mission of education, research, healthcare, and community engagement through information technology service. We facilitate collaboration, improve data integrity, increase secure access to information and technology, and provide exceptional customer-centric service using our skills, talents, and passions.
Active investment in our people is foundational in delivering service excellence:
• We help new team members effectively integrate and build lasting social connections through our Buddy Program
• We prioritize learning and development to build critical skills through our Workforce Development Program
• We provide training to supervisors on team effectiveness and coaching
• We communicate, connect, and collaborate in monthly town halls and annual summits
• We offer flexible work arrangements when possible
The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver. ISIC is in a unique position to be able to support the missions of two of Colorado's most innovative campuses. The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community. The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.
In ISIC we value our team members and strive to achieve work life balance, inclusivity, and a FUN working environment. We believe diverse teams are more innovative and make better decisions. In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.
Core competencies of the Information Security and IT Compliance (ISIC) team:
• Improve Self: the ability to promote self-development
• Results Driven: the ability to meet organizational goals and customer expectations
• Lead Change: the ability to bring about change to meet organizational goals
• Lead People: leading people toward meeting organizational mission, goals and objectives
• Build coalitions: the ability to build coalitions internally and with other organizations to achieve common goals
Why work for the University?
We have AMAZING benefits and offer exceptional amounts of holiday, vacation and sick leave. The University of Colorado offers an excellent benefits package including:
• Medical: Multiple plan options
• Dental: Multiple plan options
• Additional Insurance: Disability, Life, Vision
• Retirement 401(a) Plan: Employer contributes 10% of your gross pay
• Paid Time Off: Accruals over the year
• Vacation Days: 22/year (maximum accrual 352 hours)
• Sick Days: 15/year (unlimited maximum accrual)
• Holiday Days: 10/year
• Tuition Benefit: Employees have access to this benefit on all CU campuses
• ECO Pass: Reduced rate RTD Bus and light rail service
There are many additional perks & programs with the CU Advantage.
Qualifications:
Minimum Qualifications:
Education:
PRINCIPAL
• BA or BS in Information Security, Computer Science, Management Information Systems, Information Technology, Business or related field.
SENIOR
• BA or BS in Computer Science, Management Information Systems, Information Technology, Business or related field
PROFESSIONAL
• BA or BS in Computer Science, Management Information Systems, Information Technology, Business or related field
Experience:
PRINCIPAL
• 5-7 or more years of extensive experience administering web application firewalls and administering application security in an enterprise environment.
SENIOR
• 3-4 years' experience administering web application firewalls and administering application security in an enterprise environment.
PROFESSIONAL
• 1-2 years' experience administering web application firewalls and administering application security in an enterprise environment.
Substitution: A combination of education and related technical/paraprofessional experience may be substituted for the associate degree on a year for year basis.
Applicants must meet minimum qualifications at the time of hire.
Preferred Qualifications:
PRINCIPAL
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker (CEH)
• GIAC Web Application Penetration Tester (GWAPT)
• ITIL Practices with a focus on Information Security Management and relationship management
SENIOR
• CompTIA Security+
Date Posted: 13 April 2025