Application Security Engineer II

If youre passionate about building a better future for individuals communities and our countryand youre committed to working hard to play your part in building that futureconsider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online competencybased degree programs WGU is also committed to being a great place to work for a diverse workforce of studentfocused professionals. The university has pioneered a new way to learn in the 21st century one that has received praise from academic industry government and media leaders. Whatever your role working for WGU gives you a part to play in helping students graduate creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU it is not typical for an individual to be hired at or near the top of the range for their position and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:

Pay Range: $105600.00 $158400.00

Job Description

This position is a colocated role. Employees must reside in Salt Lake City UT

The current information security landscape is technically complex and constantly changing. The IT Security Engineer/Analyst II uses their knowledge of current security methods and standards to gather operational information and assess and analyze tools systems and processes in defense of applications systems and networks and collaborate with Infrastructure and business teams.

The Security Engineer/Analyst II will collaborate with software engineering teams to implement robust security best practices and minimize attack surfaces within the environment.

Essential Functions and Responsibilities:

Responsibilities:

• Ability to review pending approval requests (CHG Elevated Privilege Delinea GitHub etc) and scrutinize appropriately with an eye towards leastprivilege access needtoknow and risk concerns. Disposition accordingly and defend those actions with security policies/standards.

• Perform Veracode/Prisma administrative tasks:

  • Assist engineers in interpreting scan results

  • Work with engineers to understand why vulnerability remediation is important

  • Provide more detailed remediation information where necessary (readily available from numerous OSINT resources.

Skills:

• Very strong communication skills both written and spoken.

  • Ability to articulate complex technical details to other security/engineering personnel when necessary.

  • Ability to simplify technical jargon into executive format for giving managementlevel recommendations or feedback.

• Strong understanding of standard SDLC and the importance of each step.

• Strong understanding of OSI model

• Intermediate grasp on enterprise domain management and the various pieces likely to be found in a typical enterprise technology stack.

• Strong understanding of web application development and some degree of handson familiarity with common languages (Java JS C etc).

  • i.e. skilled enough to remediate basic vulnerabilities library updates or things of similar complexity

  • Knowledge of build tools (Maven or Gradle)

  • Ability to read write and interpret basic syntax in at least one highlevel language

• Familiarity with the most common application vulnerabilities and ability to recognize in an application. This will need to be more extensive than OWASP Top 10.

• Comfortability with CLI (Command Line Interface)

• Contribute to the ongoing improvement and expansion of Security Policies & Standards

• Assist with the development of Procedures & Guidelines to bolster executive approved policies/standards.

• Provide general support to the Vulnerability Management Program:

  • Field various inquiries from Engineering personnel/management

  • Work with individual teams to reduce their vulnerability load better manage the ongoing process.

• Assist with new project architectural reviews threat modeling and the development of other basic security documentation.

• Contribute to Standards/Guidelines/Procedures development where gaps exist in the current library.

Competencies:

Organizational or Student Impact:

• Works on assignments of medium to complex level.

• Structure project plans and manages costeffective of tasks.

• Limit errors to prevent impact to client operations costs or schedules.

• This individual will follow established processes and protocols.

Problem Solving & Decision Making:

• Individual meets department and personal goals with some direction/ supervision.

• An important player on large technical projects and programs.

• Uses discretion to help design and implement solutions to somewhat complex problems.

Communication & Influence:

• Communicates with contacts both within and outside of function on matters that require explanation interpretation and advising; typically has responsibility communicating to parties outside of the organization.

• Works to influence parties within the function at an operational level regarding policies practices and procedures.

Leadership & Talent Management:

• May be responsible for providing guidance coaching and training to other employees within the technical area.

• May manage technical projects at this level requiring responsibility for the delegation of work and reviewing others work products.

Job Qualifications:

Minimum Qualifications:

• Bachelors degree in Computer Science or related field or equivalent experience.

• 5 years of relevant experience.

• Subject matter expert in application security or working knowledge of several technical areas.

• Working knowledge of vulnerability scanning.

• Experience in working with compliance and regulatory program requirements.

• Strong understanding of PCI SOX GLBA PII and FERPA requirements.

• Experience analyzing network event and security logs and/or IDS alert logs.

• Experience designing and deploying security solutions.

Preferred Qualifications:

• Security certifications (CISSP CISA CISM GIAC).

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.

• Must be able to lift up to 15 pounds at times.

Disclaimer: This Job Description has been designed to indicate the general nature essential duties and responsibilities of work performed by employees within this classification. It does not contain a comprehensive inventory of all duties responsibilities and qualifications that are required of the employee to do this job. Duties responsibilities and activities may change at any time with or without notice. This Job Description does not constitute a contract of employment and the University may exercise its employmentatwill rights at any time.

#LIAW2

Position & Application Details

FullTime Regular Positions (classified as regular and working 40 standard weekly hours): This is a fulltime regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical dental vision telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual flexible paid sick time with no need for accrual 11 paid holidays and other paid leaves including up to 12 weeks of parental leave.

How to Apply: If interested an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. Its not allinclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.