University of Colorado Anschutz Medical Campus

Sr./Principal Application Security Engineer

University of Colorado Anschutz Medical Campus, Aurora, Colorado, 80012


University Staff

Description

University of Colorado Anschutz Medical Campus
Department: Information Security and IT Compliance (ISIC)
Job Title: Sr./Principal Application Security Engineer
Position 00828848 - Requisition 35731

Job Summary:

Does this describe you?

Do you enjoy using your skills to hunt and resolve threats against web applications? Do you thrive in a fast-paced work environment? Would your work be more rewarding for you if you were working for an organization whose missions include transforming lives, uplifting communities, improving healthcare, and creating breakthroughs in medical research? Would you enjoy having holidays off, great vacation benefits and the opportunity to work in a hybrid environment?

We have a dynamic, diverse Security Operations team with highly skilled, collaborative professionals that love to learn and enjoy solving problems. If these things sound like a good fit for you, we'd love to know more about YOU.

Security Administration:
- Configure, deploy, and manage web application firewalls to protect web applications from attacks, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.
- Continuously monitor web application firewall alerts and logs to identify and respond to potential security incidents.
- Develop and maintain web application firewall policies and rules to ensure optimal protection and performance of web applications.
- Investigate and respond to security incidents related to web application firewalls and enterprise applications, providing detailed analysis and remediation steps.
- Collaborate with development and operations teams to integrate web application firewall solutions into the application development lifecycle.
- Develop and enforce application security policies, standards, and guidelines to ensure compliance with industry best practices and regulatory requirements.
- Monitor threat feeds that provide information about updates, patches, and recommended security controls for applications.
- Collaborate with Security Operations and system administrators to test and implement recommended security controls.

Risk Assessment, Tracking, Documentation, and Reporting:
- Identify and track web application firewalls and enterprise applications.
- Conduct risk assessments, identify gaps, and collaborate with Security Operations and system administrators to implement controls to remediate security and compliance issues affecting applications.
- Manage and track the remediation of identified vulnerabilities, working closely with development teams to ensure timely resolution.
- Establish and report metrics associated with web application firewall performance and security.
- Regularly report on the security, compliance, and risk status of the inventory of web application firewalls and enterprise applications.

Work Location:

Hybrid - This position is eligible for a hybrid work environment. ISS strives for a high-flex work environment, meaning the role requires flexibility to meet in person for meetings and other activities as needed. The work schedule will be based around core working hours in Colorado Mountain Time.

Why Join Us:

Information Strategy and Services (ISS) is a large department that encompasses the Office of Information Technology (OIT), Information Security and IT Compliance (ISIC), Enterprise Architecture (EA), and Information, Data Empowerment and Analytics (IDEA). In Information Strategy and Services (ISS) we emphasize six key principles that connect our teams and ensure our success:
- Curiosity: Explore beyond one's own experience and environment.
- Compassion: Demonstrates empathy, understanding, and respect for all people.
- Collaboration: Partner well beyond our space and build partnerships to achieve organizational results.
- Commitment: Dedication and engagement one has to their job, team, organization and university.
- Competence: Know our craft and be committed to continuous improvement and learning.
- Confidence: Be empowered and assured to represent our customers and their needs.

The mission of ISS is to improve lives by enabling our University mission of education, research, healthcare, and community engagement through information technology services. We facilitate collaboration, improve data integrity, increase secure access to information and technology, and provide exceptional customer-centric service using our skills, talents, and passions.

The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver.

ISIC is in a unique position to be able to support the missions of two of Colorado's most innovative campuses. The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community. The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.

In ISIC we value our team members and strive to achieve work-life balance, inclusivity, and a FUN working environment. We believe diverse teams are more innovative and make better decisions. In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.
Core competencies of the Information Security and IT Compliance (ISIC) team:
- Improve Self: the ability to promote self-development
- Results Driven: the ability to meet organizational goals and customer expectations
- Lead Change: the ability to bring about change to meet organizational goals
- Lead People: leading people toward meeting organizational mission, goals and objectives
- Build Coalitions: the ability to build coalitions internally and with other organizations to achieve common goals

Why work for the University?

We have AMAZING benefits and offer exceptional amounts of holiday, vacation and sick leave. The University of Colorado offers an excellent benefits package including:
- Medical: Multiple plan options
- Dental: Multiple plan options
- Additional Insurance: Disability, Life, Vision
- Retirement 401(a) Plan: Employer contributes 10% of your gross pay
- Paid Time Off: Accruals over the year
- Vacation Days: 22/year (maximum accrual 352 hours)
- Sick Days: 15/year (unlimited maximum accrual)
- Holiday Days: 10/year
- Tuition Benefit: Employees have access to this benefit on all CU campuses
- ECO Pass: Reduced rate RTD Bus and light rail service

There are many additional perks & programs with the CU Advantage.

Diversity and Equity:

The University of Colorado Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnically minoritized individuals, persons with disabilities, persons within the LGBTQ community and all veterans. In addition, the Anschutz Campus has also been recognized as an Age-Friendly University. The University of Colorado is committed to diversity and equality in education and employment.
Qualifications:

Minimum Qualifications:

Education:
PRINCIPAL
- BA or BS in Information Security, Computer Science, Management Information Systems, Information Technology, Business or related field.
SENIOR
- BA or BS in Computer Science, Management Information Systems, Information Technology, Business or related field.

Experience:
PRINCIPAL
- 5-7 or more years of extensive experience administering web application firewalls and administering application security
SENIOR
- 3-4 years' experience administering web application firewalls and administering application security

A combination of education and related technical/paraprofessional experience may be substituted for the bachelor's degree on a year for year basis.

Applicants must meet minimum qualifications at the time of hire.

Preferred Qualifications:
PRINCIPAL
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- GIAC Web Application Penetration Tester (GWAPT)
- ITIL Practices with a focus on Information Security Management and relationship management
SENIOR
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- GIAC Web Application Penetration Tester (GWAPT)
- ITIL Practices with a focus on Information Security Management and relationship management

Knowledge, Skills and Abilities:
- Strong business acumen
- Results oriented
- Excellent written and verbal communication skills.
- Commitment to building and sustaining positive relationships and partnering with constituents.
- Commitment to organizational success.
- Strong organizational and planning skills.
- Dedication to efficient and effective productivity.
- Commitment to ongoing learning as well as increasing skills and knowledge of laws, policies, standards, and best practices
- Applied knowledge of IT systems, frameworks, and a minimum of two of the following: cybersecurity, healthcare security, IT compliance, IT industry best practices
- Curiosity, motivation, and a desire for continuous learning
- A belief that strong relationships are key to success
- A self-starter with a can-do attitude
- Strong analytical, problem-solving, and interpersonal problem-solving skills
- Proven experience as a web application firewall administrator.
- Proficiency in web application technologies, web application security, and network security principles
- Strong knowledge of security and compliance capabilities.
- Practical application of cybersecurity frameworks controls
- Strong knowledge of regulatory requirements for security, privacy, and data protection.
- Excellent problem-solving and analytical skills.
- Strong communication skills to effectively collaborate with team members and report to stakeholders.
- A collaborator with a focus on providing solutions based on the requirements and necessary outcomes of those whom we serve.

Please be advised that this position is not eligible now or in the future for visa sponsorship.

How to Apply:

For full consideration, please submit the following document(s):
1. A letter of interest describing relevant job experiences as they relate to listed job qualifications and interest in the position (only use if a cover letter is necessary)
2. Curriculum vitae / Resume
3. Three to five professional references, including name, address, phone number (mobile number if appropriate), and email address

Questions should be directed to: ISS Human Resources, iss-humanresources@cuanschutz.edu

Screening of Applications Begins:

Immediately and continues until position is filled.
For best consideration, apply by January 3, 2025.

Anticipated Pay Range:

The starting salary range (or hiring range) for this position has been established as: Senior $81,051-$110,454; Principal $93,208-$110,454.

The above salary range (or hiring range) represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting. This position may be eligible for overtime compensation, depending on the level.

Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.

Total Compensation Calculator: http://www.cu.edu/node/153125

ADA Statement:

The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at hr.adacoordinator@cuanschutz.edu.

Background Check Statement:

The University of Colorado Anschutz Medical Campus is dedicated to ensuring a safe and secure environment for our faculty, staff, students and visitors. To assist in achieving that goal, we conduct background investigations for all prospective employees.

Vaccination Statement:

CU Anschutz strongly encourages vaccination against the COVID-19 virus and other vaccine preventable diseases. If you work, visit, or volunteer in healthcare facilities or clinics operated by our affiliated hospital or clinical partners or by CU Anschutz, you will be required to comply with the vaccination and medical surveillance policies of the facilities or clinics where you work, visit, or volunteer, respectively. In addition, if you work in certain research areas or perform certain safety sensitive job duties, you must enroll in the occupational health medical surveillance program.
Application Materials Required: Cover Letter, Resume/CV, List of References
Job Category: Information Technology
Primary Location: Aurora
Department: U0001 Anschutz Med Campus or Denver - 22168 - ADM AVCOIT SC Admin
Schedule: Full-time
Posting Date: Dec 16, 2024
Unposting Date: Ongoing
Posting Contact Name: ISS Human Resources
Posting Contact Email: iss-humanresources@cuanschutz.edu
Position Number: 00828848