Cybersecurity-Senior/Consultant - Application Protection

at Intermountain Health in Springfield, Illinois, United States

Job Description

Job Description:

The Cybersecurity Senior or Consultant team member is responsible for the design, development, and daily operations of Intermountain’s Cybersecurity Application Protection Program. Intermountain is a cloud-first organization and this person will be tightly integrated into Intermountain’s cloud devops teams to ensure best practice cybersecurity is embedded into applications, projects, and services. Key duties include conducting application security testing (both static and dynamic code analysis), building and delivering application security training, building security into CI/CD pipelines in cloud DevOps environments, performing software composition analysis, and overseeing continuous code inspection processes and technologies. Additionally, they will design and implement API security processes, build application threat models, and assist with application microsegmentation initiatives. This role also involves creating and maintaining enterprise security standards in line with industry best practices. The individual should be proficient in various information systems and cybersecurity technologies, cloud technologies, secure software development practices, application and code security scanning tools (such as Burp Enterprise/Pro, Veracode, Snyk, etc.), application threat modeling methodologies, and API security technologies and methods (such as Azure APIM, Mulesoft, Kong, etc.). This individual will mentor cybersecurity team members, application developers, cloud devops engineers, and others on best practice application security techniques and the most effective use of security technologies. They are expected to work independently, delivering quality results that meet established standards with moderate supervision and general guidance.

Job Functions

Design and implement application security processes in both cloud and on-prem environments:

+ Identifying application security weaknesses and/or code defects.

+ Developing security strategies as part of SSDLC

+ Performing application security tests

+ Ensuring that applications and services are secured and implemented with best security practices

+ Implementing software application security controls

+ Designing technical solutions to address security weaknesses

+ Identifying potential attack paths within an application and recommending remediation

Conduct research and analysis to understand security vulnerabilities and threats.

Administer security tools for static and dynamic application security testing.

Design and build the API security program.

Design, build, and maintain the security of CI/CD pipelines.

Design and build application security automation processes and technologies.

Build application threat models and conduct threat assessments using those models.

Produce relevant and material application security metrics and reports.

Minimum Qualifications

Demonstrated Skills:

+ Communication

+ Time management

+ Accountability

+ Reliability

+ Professionalism

+ Broadened perspective

+ Collaboration

+ Critical thinking

+ Problem solving

+ Demonstrated experience in cybersecurity technologies and information systems

Preferred Qualifications

+ Bachelor’s degree in Computer Science, Information Systems, or related field preferred. Degree must be obtained through an accredited institution. Education is verified.

+ Possess/willing to pursue IT Security industry certification such as CISSP

+ 7-10 years of related work experience

+ Competent level understanding of information security related regulations (HIPAA/PCI/DSS)

+ Expert level understanding of IS security vulnerability assessment tools/techniques

+ Strong competency managing and securing cloud-based development

+ Strong analysis and attention to detail, problem resolution, judgment, and decision-making skills

+ Ability to effectively prioritize/execute tasks in high-pressure environment

+ Ability to collaborate and communicate effectively

+ Expert level knowledge of web application security and its application

+ Expert level knowledge of the SDLC, development best practices and secure coding guidelines

+ Expert level knowledge of application security tools

+ Expert level knowledge of source code analysis

+ Expert level knowledge of automation enablement

Physical Requirements:

Interact with others requiring the employee to communicate information.

- and -

Operate computers and other IT equipment requiring the ability to move fingers and hands.

- and -

See and read computer monitors and documents.

- and -

Remain sitting or standing for long periods of time to perform work on a computer, telephone, or other equipment.

Anticipated job posting close date:

08/04/2024

Location:

Lake Park Building

Work City:

West Valley City

Work State:

Utah

Scheduled Weekly Hours:

40

The hourly range for this position is listed below. Actual hourly rate dependent upon experience.

$59.47 – $93.64

We care about your well-being – mind, body, and spirit – which is why we provide our caregivers a generous benefits package that covers a wide range of programs to foster a sustainable culture of wellness that encompasses living healthy, happy, secure, connected, and engaged.

Learn more about our comprehensive benefits packages for our Idaho, Nevada, and Utah based caregivers (https://intermountainhealthcare.org/careers/working-for-intermountain/employee-benefits/) , and for our Colorado, Montana, and Kansas based caregivers (http://www.sclhealthbenefits.org) ; and our commitment to diversity, equity, and inclusion (https://intermountainhealthcare.org/careers/working-for-intermountain/diversity/) .

Intermountain Health is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.