• Lead the design, develop, and implementation of incident response playbooks • Perform incident response and coordination • Lead in the assessment of system design and change • Be part of a weekly on-call rotation • Lead the design, develop, and implement engineered solutions that are reliable and maintainable • Support in detection engineering • Identify areas of the business that require security improvement and translate that into a workable solution • Influence and align the team’s vision and strategy • Collaborate cross functionality to support delivery of roadmap items and projects

Role Description The Governor’s Office of Information Technology (OIT) is seeking a Senior Security Engineer (Risk) to join the Office of Information Security (OIS). Our team is currently advancing a strategic transformation to modernize our Risk Management capabilities. We are evolving our security oversight into a highly integrated, automated maturity model designed to provide a data-driven view of the state's threat landscape. As the Senior Security Engineer (Risk), you will serve as a technical leader and subject matter expert dedicated to the identification, quantification, and mitigation of technical risk across the state enterprise. This role requires a seasoned professional with demonstrated leadership experience who can provide technical guidance across the organization and offer strategic direction during complex security evaluations. A primary function of this role is performing comprehensive technical risk assessments on diverse systems and services to ensure they align with the state’s security posture. You will be a key contributor in enabling the creation of a Third-Party Risk Management (TPRM) program designed to scale significantly, performing assessments for a high volume of vendors with efficiency and precision. You will act as a senior technical liaison between system engineers, project managers, and executive leadership, translating high-level vulnerabilities into actionable risk narratives. Your work will directly support the risk management strategic roadmap, ensuring state technology remains resilient through consistent, expert-level evaluation. Key Job Responsibilities - Cross-Functional Technical Guidance & Collaboration: Act as a key security advisor and collaborator for teams across the organization. Partner with technical teams to provide technical guidance on risk mitigation and serve as a technical point of escalation during daily standups. - Perform Complex Risk Assessments: Execute deep-dive technical risk assessments for high-profile state systems, evaluating control implementations across various technical environments. - Support Scalable TPRM Architecture: Design a TPRM program capable of handling an enterprise volume of vendors, defining technical standards for reviewing documentation and establishing automated intake workflows. - Strategic Roadmap Contribution: Support the execution and refinement of the risk management strategic roadmap, driving milestones related to risk intake maturity. - Enable Automation (ServiceNow IRM): Support the transition from legacy workflows to automated processes within the ServiceNow IRM module, ensuring real-time risk visibility. - Threat Landscape Visibility: Partner with data and engineering teams to build "Top 10" Enterprise Risk Dashboards in Splunk, contributing actionable insights for leadership. Qualifications - At least five (5) years of professional experience in security engineering, technical risk management, or high-level systems administration with a focus on security. - Demonstrated experience in a technical leadership capacity, such as serving as a team lead or managing project workstreams. - Proven experience in the full risk lifecycle, including performing risk assessments and developing remediation strategies. Requirements - Additional appropriate education will substitute for the required experience on a year-for-year basis. - Training or Certification (CRISC, CISSP, CISA) related to the work assigned will be credited towards substitution for experience and/or education. Preferred Qualifications - Demonstrated experience utilizing industry security frameworks (such as NIST 800-53, CJIS, IRS Pub 1075, or SOC 2). - Experience validating security controls in various environments, including on-premise infrastructure and modern cloud architectures. - Experience implementing, configuring, or operationalizing the ServiceNow IRM/GRC module. - Previous experience working within or building a high-volume Third-Party Risk Management program. - Experience using Splunk or similar tools to visualize and report on risk metrics. - Ability to "hit the ground running" to meet aggressive roadmap goals. Conditions of Employment - OIT employees must comply with any screening procedures in place at state entity locations. - A pre-employment background check will be conducted as part of the selection process. - Positions supporting certain agencies will require a pre-employment drug test. - This position may require travel within the specified geographic area. Supplemental Information If this posting indicates “remote from anywhere in CO,” periodic reporting to the primary state work location is required. All remote work must be performed in Colorado. Candidates from out of state will be considered, but must relocate and reside in Colorado on the first day of their new position. The State of Colorado strives to create a Colorado for All by building and maintaining workplaces that value and respect all Coloradans through a commitment to equal opportunity and hiring based on merit and fitness. The Governor's Office of Information Technology is committed to the full inclusion of all qualified individuals. Our agency will assist individuals who have a disability with any reasonable accommodation requests related to employment.

• Conduct technical research on new chains and DeFi projects. Identify underlying architecture risks and potential security gaps in new ecosystems. • Deconstruct attack logic and exploit techniques, identify the technical root cause rather than just the symptoms. • Translate research findings into actionable detection rules and security strategies for the wallet. Design measures to block new types of exploits. • Work with the wallet team to implement security rules, ensuring a balance between robust protection and user experience. • Document attack patterns and technical insights into structured formats to build the team's knowledge base and improve AI-assisted operations.

Title: Applications Security Engineer Locations: Charlotte, NC; Seattle, WA; Denver, CO Hybrid Job Description: PLEASE NOTE: We are not able to offer sponsorship for this position, now or in the future. Candidates who can work a hybrid schedule (Tues-Thurs in-office) in one of our offices (Charlotte, NC; Seattle, WA; Denver, CO) are preferred. The Position LendingTree is seeking an Applications Security Engineer to join our security team with a primary focus on edge security and externally facing application protections. This role centers on supporting critical InfoSec programs, including SaaS Security Posture Management (SSPM), web application firewall (WAF) engineering, and remediation of findings from external security scanning tools. The Application Security Engineer will serve as a subject matter expert for web-edge controls, particularly Cloudflare, while partnering with internal teams to triage alerts, drive remediation efforts, and maintain the security posture of LendingTree’s web-facing applications and cloud services. Success in this role requires strong technical depth in application-layer defenses, the ability to manage and operationalize security tooling, and clear communication with both technical and non-technical stakeholders. Key Responsibilities Web Application Firewall (WAF) Subject Matter Expert Serve as the Application Security program’s primary authority on web application firewall technologies, with deep expertise in Cloudflare. Partner with engineering and security teams to design, implement, tune, and maintain WAF rules to protect web-facing applications. Cloud Compliance & External Scanning Remediation As an extension of the AppSec program, this role will continuously monitor and assess the effectiveness of our cloud compliance and security tools, such as our SaaS security posture management platform, and use those insights to drive measurable improvements to our overall cloud security posture. Fraud Program Support Support the Fraud Program by providing research assistance to identify and model anomalous patterns, with the goal of using those models to improve automated defenses. Collaboration & Communication Work closely with internal and external stakeholders across engineering, product, and security teams. Translate complex security findings and recommendations into clear, actionable guidance for non-technical audiences. This role is ideal for someone who thrives at the intersection of application security, cloud security, and collaboration—and who enjoys taking ownership of critical security programs that protect the business at scale. Required Skills - Strong foundational knowledge of application security principles, with an emphasis on protecting web-facing and edge-exposed applications. - Hands-on experience with Web Application Firewall (WAF) technologies, including rule creation, tuning, alert triage, and false-positive reduction; Cloudflare and Azure Front Door experience strongly preferred. - Working knowledge of SaaS Security Posture Management (SSPM) concepts and platforms, including alert review, access posture validation, and remediation workflows. - Experience supporting or operating security monitoring and remediation programs, such as fraud detection, abuse prevention, or incident-driven security initiatives. - Familiarity with external security scanning tools (e.g., DAST, cloud posture scanners, or web exposure scanning) and the ability to manage findings through remediation and closure. - Understanding of cloud security and compliance fundamentals, including shared responsibility models and common cloud risk patterns. - Ability to prioritize, track, and coordinate remediation efforts across multiple teams and security programs. - Strong analytical and troubleshooting skills, with the ability to investigate security findings and recommend practical, risk-based solutions. - Excellent written and verbal communication skills, with demonstrated ability to translate technical security issues into clear, actionable guidance for non-technical stakeholders. - Proven ability to collaborate effectively with engineering, product, and security teams. Why Join Us By joining our team, you’ll have the unique opportunity to work in a dynamic fintech environment, collaborating with talented professionals while playing a pivotal role in ensuring compliance excellence. If you’re passionate about combining regulatory expertise with creative problem-solving and enjoy working in a fast-paced innovation-driven industry, this position is for you. ABOUT LENDINGTREE LendingTree is the nation’s leading online lending marketplace. We connect consumers with multiple lenders so they can easily compare options and find the right fit — from mortgages and personal loans to credit, savings, and insurance products. Our founder, Doug Lebda, started LendingTree in 1996 after his own frustrating house-hunting experience. What began as a simple idea to make loan shopping easier has grown into a platform that empowers millions of people to make smarter financial decisions every day. What else you should know: - We’re a publicly traded company (NASDAQ: TREE). - We’ve welcomed several other companies into the LendingTree family to expand our reach and capabilities. - We’ve built the LendingTree app and My LendingTree dashboard to give consumers tools to manage and monitor their financial health. - We’re also committed to giving back — through philanthropic programs, volunteer opportunities, and partnerships that strengthen the communities where we live and work. Compensation: Base salary: $100,000-$110,000 (base pay offered may vary depending on location, internal factors, job-related knowledge, and experience.) - Additional: Annual performance-based bonus - Benefits: Medical, dental, vision insurance, and 401(k) matching OUR CULTURE We’re a collaborative, entrepreneurial team that values curiosity, creativity, and getting things done together. Our teammates are some of the brightest, most driven people you’ll meet — and we celebrate innovation, inclusion, and ownership. At LendingTree, you’ll find an inclusive culture where diverse perspectives make us stronger. We believe in working hard and supporting one another — with the flexibility and trust that help you thrive both personally and professionally. We’re proud to offer generous benefits, wellness programs, and time-off policies designed to help you recharge, stay healthy, and bring your best self to work every day. And yes — we still have fun doing it (our “GSD – Get Stuff Done” award is a fan favorite!) LendingTree is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, religion (or creed), gender, gender expression, age, national origin, disability, marital status, sexual orientation, or military status.