Application Security Engineer

Position Summary

Career Interest : The University of Kansas Health System is seeking an Application Security Engineer to spearhead the maturity of our Application Security program and serve as the primary liaison between our development and cybersecurity teams.

As our AppSec Engineer, you will :

• Act as the lead cybersecurity resource for application developers, providing secure coding guidance and training.
• Perform architecture reviews, code reviews, and risk assessments to identify application vulnerabilities and ensure remediation.
• Refine and promote our existing secure coding standards, guidelines, libraries, and best practices across teams.
• Advise development leads on integrating security into agile sprints and CI / CD pipelines through training, workshops, and tools.
• Coordinate security testing and engage other cybersecurity resources for assessments of high-risk applications.
• Track and report on application security KPIs, compliance, and risk reduction activities across teams.
• Mature our AppSec program by improving processes, automation, and framework integrations.
• Stay current on the latest AppSec threats, vulnerabilities, and security standards.

This role requires excellent communication skills to build relationships and deliver tailored AppSec guidance.

Responsibilities :

Perform penetration testing across all UKHS networks, servers, endpoints, applications and services on a rolling schedule.

Penetration testing to include :

• Recommend, scope, and procure a statement of work (SOW) for each penetration test.
• Coordinate timelines and potential impact with organizational leadership.
• Conduct full vulnerability scans and incorporate findings into penetration testing methodology.
• Validate security controls by testing exploits and bypass techniques.
• Post testing environment cleanup to leave no trace.
• Research all findings and develop recommendations for remediation.
• Compile final reports and deliverables.
• Review and discuss findings with organizational leadership
• Research past, current, and trending cybersecurity attacks, with an emphasis on healthcare technologies.
• Build out and stage simulated attack scenarios for weekly incident response drills blue / red team exercises.

JOB REQUIREMENTS

Required :

• Bachelor’s degree from an accredited University or 8+ years of experience in lieu of degree
• Demonstrated expert-level ability to use conceptual and innovative thinking to develop solutions to unique and complex problems with broad impacts on the business
• Demonstrated expert-level interpersonal communication skills, must be able to effectively communicate technical and strategic information to a wide-variety of stakeholders at all levels of the organization;

includes executive presentations.

• Demonstrated expertise in at least 1 scripting language
• Recognized expert and thought leader in a business-critical discipline
• Intimate understanding for the assigned portion of Cybersecurity organization, with at least 5 years-experience in a large enterprise environment
• Working-level knowledge of all 8 cybersecurity domains : Security & Risk Management, Asset Security, Security Engineering, Communications & Network Security, Identity & Access Management, Security Assessment & Testing, Security Operations, Software Development Security
• Understanding of MS Azure and how it applies to strategic technology transformations
• Functional understanding of internal, regulatory, and industry standards as they apply to a business environment.
• Demonstrated experience working effectively in high-pressure situations
• Strong attention to detail with an analytical mind and outstanding problem-solving skills

Time Type : Full time

Full time

Job Requisition ID : R-36098

R-36098