Application Security Engineer II

If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:

Job Description

This position is a co-located role. Employees must reside in Salt Lake City, UT

The current information security landscape is technically complex and constantly changing. The IT Security Engineer/Analyst II uses their knowledge of current security methods and standards to gather operational information and assess and analyze tools, systems, and processes in defense of applications, systems, and networks and collaborate with Infrastructure and business teams.

The Security Engineer/Analyst II will collaborate with software engineering teams to implement robust security best practices and minimize attack surfaces within the environment.

Essential Functions and Responsibilities:

Responsibilities:

• Ability to review pending approval requests (CHG, Elevated Privilege, Delinea, GitHub, etc) and scrutinize appropriately with an eye towards least-privilege access, need-to-know, and risk concerns. Disposition accordingly and defend those actions with security policies/standards.

• Perform Veracode/Prisma administrative tasks:

  • Assist engineers in interpreting scan results,

  • Work with engineers to understand why vulnerability remediation is important,

  • Provide more detailed remediation information where necessary (readily available from numerous OSINT resources.)

Skills:

• Very strong communication skills, both written and spoken.

  • Ability to articulate complex technical details to other security/engineering personnel when necessary.

  • Ability to simplify technical jargon into executive format for giving management-level recommendations or feedback.

• Strong understanding of standard SDLC and the importance of each step.

• Strong understanding of OSI model

• Intermediate grasp on enterprise domain management and the various pieces likely to be found in a typical enterprise technology stack.

• Strong understanding of web application development and some degree of hands-on familiarity with common languages (Java, JS, C++, etc).

  • i.e. skilled enough to remediate basic vulnerabilities - library updates or things of similar complexity

  • Knowledge of build tools (Maven or Gradle)

  • Ability to read, write, and interpret basic syntax in at least one high-level language

• Familiarity with the most common application vulnerabilities, and ability to recognize in an application. This will need to be more extensive than OWASP Top 10.

• Comfortability with CLI (Command Line Interface)

• Contribute to the ongoing improvement and expansion of Security Policies & Standards

• Assist with the development of Procedures & Guidelines to bolster executive approved policies/standards.

• Provide general support to the Vulnerability Management Program:

  • Field various inquiries from Engineering personnel/management

  • Work with individual teams to reduce their vulnerability load better manage the ongoing process.

• Assist with new project architectural reviews, threat modeling, and the development of other basic security documentation.

• Contribute to Standards/Guidelines/Procedures development where gaps exist in the current library.

Competencies:

Organizational or Student Impact:

• Works on assignments of medium to complex level.

• Structure project plans and manages cost-effective execution of tasks.

• Limit errors to prevent impact to client operations, costs, or schedules.

• This individual will follow established processes and protocols.

Problem Solving & Decision Making:

• Individual meets department and personal goals with some direction/ supervision.

• An important player on large technical projects and programs.

• Uses discretion to help design and implement solutions to somewhat complex problems.

Communication & Influence:

• Communicates with contacts both within and outside of function on matters that require explanation, interpretation, and advising; typically has responsibility communicating to parties outside of the organization.

• Works to influence parties within the function at an operational level regarding policies, practices, and procedures.

Leadership & Talent Management:

• May be responsible for providing guidance, coaching, and training to other employees within the technical area.

• May manage technical projects at this level, requiring responsibility for the delegation of work and reviewing others' work products.

Job Qualifications:

Minimum Qualifications:

• Bachelor's degree in Computer Science or related field or equivalent experience.

• 5+ years of relevant experience.

• Subject matter expert in application security or working knowledge of several technical areas.

• Working knowledge of vulnerability scanning.

• Experience in working with compliance and regulatory program requirements.

• Strong understanding of PCI, SOX, GLBA, PII and FERPA requirements.

• Experience analyzing network, event and security logs, and/or IDS alert logs.

• Experience designing and deploying security solutions.

Preferred Qualifications:

• Security certifications (CISSP, CISA, CISM, GIAC).

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.

• Must be able to lift up to 15 pounds at times.

Disclaimer: This Job Description has been designed to indicate the general nature, essential duties, and responsibilities of work performed by employees within this classification. It does not contain a comprehensive inventory of all duties, responsibilities, and qualifications that are required of the employee to do this job. Duties, responsibilities and activities may change at any time with or without notice. This Job Description does not constitute a contract of employment and the University may exercise its employment-at-will rights at any time.

#LI-AW2

Position & Application Details

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.