IT Cybersecurity Engineer - WebAppSec PCI

About The Position

Requirements

• Bachelor's Degree or 4 years of equivalent experience may be considered in lieu of Bachelor's degree.
• 2-3 years job related experience required, specifically conducting application security testing or related activity on a multiple set of target types.

Nice To Haves

• Bachelors Other In a related field and 3-4 year’s experience, upon hire

Responsibilities

• Designs, develops, and implements new discovery and assessment solutions to integrate into and test within existing or newly defined architectures.
• Provide support on team related engagements with Security Engineering, Identity Management Engineering, Security Architecture, SOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
• Act as a security advocate for IT Operations team’s adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices.
• Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
• Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, attack surface discovery methodologies, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
• Participate in the collection and documentation of departmental knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team.
• Communicates security and technical information to team members and across the IT Organization.
• Assists Management in identifying knowledge, process, and technology gaps.
• Provide service line support for web application security for PCI compliance. Create and manage crawling / scanning assessments and workflows, implement and manage script monitoring technologies and services, including alerting and remediation engagement (PCI DSS v4 6.4.3 and 11.6.1), in order to safeguard payment processing applications against fraud and breaches.
• Partner with web application development groups to analyze and remediate security concerns within payment pages.
• Provide service line support for dynamic application security testing services and remediation engagement.
• Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes.
• Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic. Lead specific engagement and remediation efforts.
• Designs, develops, configures, and implements solutions to resolve intermediate technical and business issues related to information security.
• Reviews and consults on security of technology solutions to resolve intermediate to high technical and business issues.
• Provides support and works on multiple functions of intermediate to high complexity.
• Serves as SME for one or more web application security platforms and services.