CommonSpirit Health is a nonprofit organization that is on a mission to improve people’s health while making “the healing presence of God known.” The orga
IT Cybersecurity Engineer - WebAppSec PCI
Location
United States
Posted
2 days ago
Salary
$49 - $80 / hour
Seniority
Mid Level
Job Description
IT Cybersecurity Engineer - WebAppSec PCI
CommonSpirit Health
Role Description The Cybersecurity EngineerWebAppSec position supports the Attack Surface Management (ASM) program for CommonSpirit Health. This program provides web application security services, performs technical security assessment services, maintains WebAppSec security systems and workflows, and provides engagement and reporting services on specific and systemic security vulnerability and configuration issues for the enterprise. The Cybersecurity Engineer will report to the Manager, WebAppSec, as part of the overall Cyber Vigilance and Defence group, focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization. The Cybersecurity Engineer performs web application security services related to PCI compliance such as: - Payment scripts monitoring - Web application security scans - Activities to identify CommonSpirit systems, applications, services, and repositories available on the Internet - Assessing system and application weaknesses, misconfigurations, or other flaws in operating systems, network devices, web applications, or other technologies that could lead to security compromises - Identifying gaps in current control states Monitors the threat and vulnerability landscape and changing business requirements to identify functional, technological and/or control solutions. Develops, integrates, and maintains WebAppSec tools and platforms. Integrates all cybersecurity solutions in an optimal manner to best discover and protect the organization from cyber threats and exposures. May drive one or more projects, acts as a subject matter expert (SME) for one or more discovery or scanning methods, tools, and target environments. Develops and maintains operational security processes, and assists in the remediation of the identified issues. May act as team-lead for other security personnel. Job Responsibilities - Designs, develops, and implements new discovery and assessment solutions to integrate into and test within existing or newly defined architectures. - Provide support on team related engagements with Security Engineering, Identity Management Engineering, Security Architecture, SOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners. - Act as a security advocate for IT Operations team’s adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices. - Manage workload, prioritizing tasks and documenting time, and other duties as directed by management. - Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, attack surface discovery methodologies, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team. - Participate in the collection and documentation of departmental knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team. - Communicates security and technical information to team members and across the IT Organization. - Assists Management in identifying knowledge, process, and technology gaps. - Provide service line support for web application security for PCI compliance. - Create and manage crawling / scanning assessments and workflows, implement and manage script monitoring technologies and services, including alerting and remediation engagement (PCI DSS v4 6.4.3 and 11.6.1), in order to safeguard payment processing applications against fraud and breaches. - Partner with web application development groups to analyze and remediate security concerns within payment pages. - Provide service line support for dynamic application security testing services and remediation engagement. - Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes. - Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic. Lead specific engagement and remediation efforts. - Designs, develops, configures, and implements solutions to resolve intermediate technical and business issues related to information security. - Reviews and consults on security of technology solutions to resolve intermediate to high technical and business issues. - Provides support and works on multiple functions of intermediate to high complexity. - Serves as SME for one or more web application security platforms and services. Qualifications - Bachelor's Degree or 4 years of equivalent experience may be considered in lieu of Bachelor's degree. - 2-3 years job related experience required, specifically conducting application security testing or related activity on a multiple set of target types. Requirements - Bachelors in a related field and 3-4 years experience, upon hire.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Cybersecurity - Identity and Access Management Engineer
NTT GroupA global IT innovator founded in 1965, NTT DATA specializes in system integration and networking system services for more than a dozen industries. As an employe
Title: Cybersecurity / IAM Engineer Location: Bethesda, MD, United States Job Description: NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cybersecurity / IAM Engineer to join our team in Bethesda (REMOTE), Maryland (US-MD), United States (US). Job Summary: The Cybersecurity / IAM Engineer is responsible for architecting, implementing, and maintaining advanced cybersecurity and identity and access management (IAM) solutions across all client environments, including cloud, IoT, edge, and data systems. This role is critical to ensuring that client meets and sustains compliance with cybersecurity, privacy, and risk management requirements, including RMF, IL4/IL5, and FedRAMP controls. The engineer leads the design and enforcement of secure authentication, authorization, and RBAC frameworks, supporting multi-factor authentication, single sign-on, and integration with providers. The Cybersecurity / IAM Engineer works closely with DevSecOps, software, and infrastructure teams to embed security best practices into all phases of the system lifecycle, including secure configuration baselines, continuous monitoring, vulnerability management, and incident response. The position requires hands-on experience with IAM platforms, PKI, secure directory services, and the implementation of audit logging and compliance reporting. The engineer maintains comprehensive documentation, supports audit and ATO processes, and ensures that all client solutions are resilient, auditable, and optimized for operational readiness and regulatory compliance. Job Duties: - Architect, implement, and maintain advanced IAM solutions, including RBAC, MFA, SSO, and integration with providers - Develop and enforce secure authentication and authorization frameworks for client's cloud, edge, and data environments - Lead the implementation of secure directory services, PKI, and certificate management for all client components - Support continuous monitoring, vulnerability management, and incident response in compliance with DoD RMF, IL4/IL5, and FedRAMP requirements - Collaborate with DevSecOps, software, and infrastructure teams to embed security best practices throughout the system lifecycle - Maintain comprehensive documentation for IAM architectures, security controls, and compliance artifacts - Support audit, ATO, and risk management processes, including evidence collection and remediation of findings - Implement and monitor audit logging, access reviews, and compliance reporting for all client environments - Provide technical support for user provisioning, deprovisioning, and lifecycle management - Participate in security assessments, code reviews, and compliance audits as required by contract and SOW Basic Qualifications: - Master's degree in Cybersecurity, Computer, Electrical, or Electronics Engineering, or Mathematics with a concentration in computer science or equivalent. - Minimum 10 years of experience with cybersecurity engineering - Must be US Citizen with ability to obtain a Secret Clearance Preferred Qualifications: - Experience designing and managing IAM solutions in regulated or mission-critical DoD environments - Proficiency with RBAC, SSO, MFA, PKI, and secure directory services - Experience with DoD RMF, IL4/IL5, and FedRAMP cybersecurity and compliance requirements - Familiarity with AWS GovCloud, cloud security, and secure integration of edge/IoT devices - Strong documentation and communication skills, including the ability to produce compliance artifacts and technical guides - Experience supporting audit, ATO, and risk management processes for federal systems - Information Assurance Management (IAM) or Information Assurance Technical (IAT) or Information Assurance System Architect and Engineer (IASAE) Level I (position-based) per DoD 8570.1M About NTT DATA NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D. Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here. NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is $90,146 - $208,672. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate’s actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. If the position offered in temporary, the position will not be eligible for incentive compensation. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.
Senior Cyber Security Engineer
ASRC FederalASRC Federal, a wholly owned subsidiary of Alaska’s largest Alaskan-owned and operated company, the Arctic Slope Regional Corporation (ASRC), is a leading pro
Role Description ASRC Federal is looking for an experienced Senior Cyber Security Analyst (Incident Response & Threat Operations) to join our team in a government contracting (GovCon) environment. This is a full-time remote position with occasional on-site support (Beltsville, MD or Reston, VA). The Senior Cyber Security Analyst is responsible for advanced incident response, threat detection, and Tier II/Tier III Security Operations Center (SOC) support within an enterprise environment. This role focuses on: - Investigating security events - Identifying malicious activity - Responding to cyber incidents - Improving detection capabilities across the organization The ideal candidate has strong hands-on experience in: - Intrusion detection - Threat hunting - Phishing investigations - Endpoint and network analysis - Operational cybersecurity support Key Responsibilities - Serve as a Tier II/Tier III escalation point for complex SOC investigations and cybersecurity incidents. - Investigate and respond to security alerts involving phishing, malicious URLs, malware activity, credential compromise, suspicious authentication activity, and endpoint threats. - Conduct proactive threat hunting activities using SIEM, EDR/XDR, firewall, DNS, email security, and network telemetry data. - Monitor security tools, logs, alerts, and reports to identify suspicious or malicious activity and coordinate appropriate response and remediation actions. - Identify, analyze, and mitigate cybersecurity threats, vulnerabilities, and system weaknesses to reduce organizational risk exposure. - Analyze security events and logs to identify indicators of compromise, attack patterns, and unauthorized activity. - Perform incident response activities including triage, containment, eradication, recovery, and root cause analysis for security incidents. - Support and enhance enterprise security monitoring and detection capabilities across SIEM, EDR/XDR, IDS/IPS, email security, and firewall platforms. - Develop and tune detection rules, alerting logic, and threat detection use cases to improve SOC effectiveness and reduce false positives. - Create scripts and automation solutions using PowerShell, Python, or similar tools to streamline investigations and response activities. - Collaborate with infrastructure, networking, cloud, and endpoint teams during investigations and remediation efforts. - Evaluate emerging threats, vulnerabilities, attack techniques, and security technologies to strengthen enterprise detection and response capabilities. - Provide technical guidance and support for escalated cybersecurity investigations and operational issues. - Document investigative findings, incident timelines, and remediation recommendations. - Participate in on-call incident response support as required. Qualifications - Must be a U.S. Citizen or Permanent Resident (Green Card Holder). - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent professional experience. - 7+ years of hands-on experience in cybersecurity operations, incident response, or SOC environments. - Experience supporting Tier II/Tier III SOC investigations and incident handling. - Strong experience with: - SIEM platforms - EDR/XDR technologies - IDS/IPS systems - Email security platforms - Firewall and network security tools - Experience investigating phishing attacks, URL click alerts, malware infections, and account compromise activity. - Strong understanding of TCP/IP, DNS, HTTP/S, VPNs, Active Directory, and enterprise networking concepts. - Experience supporting Windows and Linux environments. - Proficiency in PowerShell, Python, or similar scripting languages. - Strong analytical, troubleshooting, and communication skills. - Ability to work independently in a fast-paced operational environment. Preferred Qualifications - Certifications such as CISSP, GCIH, GCIA, CEH, Security+, or equivalent (at least one is required). - Experience with MITRE ATT&CK, threat intelligence platforms, or SOAR technologies. - Familiarity with cloud security monitoring and enterprise-scale security operations. Benefits - Competitive pay and benefits packages - Health care, dental, vision, life insurance - 401(k) - Education assistance - Paid time off including PTO, holidays, and any other paid leave required by law Additional Information - Reports to: Cybersecurity Governance, Risk & Compliance Leadership - Travel: None - Clearance: Secret clearance preferred but not required; may be required based on project needs. EEO Statement ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
Senior Security Engineer
ANDREW, an Amphenol CompanyANDREW is an "Equal Opportunity Employer" - Minority/Female/Disabled/Veteran/Sexual Orientation/Gender Identity/National Origin. For additional company information please visit our website at https://www.andrew.com/
Role Description Join our team and help shape the future of connectivity indoors and outdoors. Together, let’s push the boundaries of technology and advance sustainable networks worldwide. As a Senior Security Engineer, you will play a key role in building ANDREW's standalone cybersecurity program as the company transitions critical security operations, tools, and infrastructure. This highly technical individual contributor role will help design, implement, and operate security capabilities across endpoint, identity, cloud, data, and network security domains while supporting the company's global IT transformation efforts. You will partner closely with security, infrastructure, and business teams to establish scalable security processes, deploy enterprise security platforms, respond to cybersecurity incidents, and strengthen the organization's overall security posture. You Will Make an Impact By: - Supporting the transition of cybersecurity platforms, processes, and operational responsibilities as part of the company's IT separation initiative. - Designing, implementing, and administering enterprise security technologies including CrowdStrike, Microsoft Defender, CyberArk, Darktrace, Netskope, Qualys, Microsoft Purview, Intune, Cribl, and related security platforms. - Serving as a senior technical resource for cybersecurity investigations, incident response activities, root cause analysis, containment, remediation, and recovery efforts. - Partnering with external security operations providers and internal stakeholders to investigate and respond to cybersecurity incidents. - Developing and enhancing endpoint detection and response (EDR) capabilities to improve threat visibility and response effectiveness across the enterprise. - Implementing and maintaining security controls supporting endpoint security, privileged access management, identity protection, vulnerability management, and data protection. - Driving vulnerability assessment and remediation activities while partnering with infrastructure and application teams to reduce enterprise risk. - Supporting data governance and Data Loss Prevention (DLP) initiatives utilizing Microsoft Purview and related technologies. - Monitoring and securing cloud, web, and SaaS environments through Netskope and other cloud security solutions. - Leveraging Darktrace and other advanced threat detection technologies to identify anomalous behavior and emerging threats. - Designing and optimizing security telemetry, log ingestion, and monitoring capabilities utilizing Cribl and related technologies. - Developing security automation, operational playbooks, standard operating procedures, and security documentation to support a growing global security program. - Supporting phishing awareness and security education initiatives across the organization. - Collaborating with global security team members to provide operational support, share technical expertise, and ensure consistent security coverage across platforms. - Contributing to the development of security standards, policies, and best practices that support ANDREW's long-term cybersecurity strategy. Qualifications - Bachelor's degree in Information Security, Computer Science, Information Technology, Engineering, or a related field, or equivalent work experience. - 7+ years of experience in cybersecurity, security engineering, security operations, incident response, or a related technical discipline. - Hands-on experience administering and supporting CrowdStrike Falcon, Microsoft Defender, and CyberArk within an enterprise environment. - Experience investigating and responding to cybersecurity incidents utilizing endpoint detection and response (EDR) technologies. - Strong understanding of endpoint security, identity and access management (IAM), privileged access management (PAM), vulnerability management, incident response, and data protection principles. - Experience supporting multiple cybersecurity domains, including endpoint security, cloud security, identity security, vulnerability management, and threat detection. - Experience correlating and analyzing security events across endpoint, network, cloud, identity, and application environments. - Demonstrated ability to independently troubleshoot, investigate, and resolve complex security issues. - Experience developing security processes, operational procedures, or technical documentation. Requirements - You Will Excite Us If You Have: - Experience supporting mergers, acquisitions, divestitures, or large-scale IT transformation initiatives. - Experience participating in the response and recovery efforts associated with significant cybersecurity incidents or breaches. - Experience with Microsoft Sentinel or other SIEM/SOAR platforms. - Experience integrating security technologies through APIs, automation frameworks, or orchestration tools. - Experience working within small-to-medium-sized organizations where security engineers maintain responsibility across multiple security disciplines. - Familiarity with cybersecurity frameworks and standards including NIST, ISO 27001, CIS Controls, and MITRE ATT&CK. - Industry certifications such as CISSP, GIAC, GSEC, GCIH, Security+, CEH, CCSP, or equivalent. - Experience supporting global manufacturing, telecommunications, or technology organizations. Benefits Why ANDREW? - Explore exciting career opportunities at ANDREW, part of the Amphenol family. - With a legacy of over 85 years in wireless innovation, we empower mobile operators and enterprises with cutting-edge solutions. - ANDREW, an Amphenol company, is proud of our reputation as an excellent employer. - Our focus is to provide the highest level of support and responsiveness to both our employees and our customers, the world's largest technology companies. - ANDREW offers the opportunity for career growth within a global organization. - We believe that our company is unique in that every employee, regardless of his or her position, has the ability to positively impact the business. - ANDREW is an “Equal Opportunity Employer” - Minority/Female/Disabled/Veteran/Sexual Orientation/Gender Identity/National Origin. For additional company information please visit our website at https://www.andrew.com/ Please note we do not accept applications via email. If you have questions after applying, please contact talentacquisition@andrew.com .
Cloud Network Engineer
TEKsystemsWe're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia.
Role Description We are hiring a DevOps Engineer to build and operationalize our Azure platform for a production React + Java + MySQL application. This role will own cloud infrastructure, CI/CD, release automation, networking, security integration, and disaster recovery preparation as we move from proof of concept into a maintainable in-house production environment. Responsibilities: - Design and implement Azure infrastructure for application hosting, data services, and supporting platform components. - Build and maintain infrastructure as code using Terraform. - Design and operate CI/CD pipelines for application and infrastructure delivery. - Implement blue/green or staged release patterns, including deployment slots where appropriate. - Partner with security/networking teams on firewall, routing, and Palo Alto integration. - Establish monitoring, alerting, logging, and operational dashboards. - Create and validate backup, restore, and disaster recovery procedures. - Document the maintenance playbook and support transition to internal ownership. - Support production cutover, troubleshooting, and post-deployment stabilization. What success looks like: - Azure environment is production-ready and reproducible. - Deployment process is automated and low-risk. - Operational documentation is complete and usable by internal staff. - Disaster recovery steps are tested and documented. - Internal handoff is smooth and sustainable. Qualifications - Strong hands-on experience with Azure. - Practical experience with Terraform. - Experience building CI/CD pipelines. - Solid understanding of networking and cloud security. - Experience with release engineering and production support. - Ability to document operational procedures clearly. Requirements - Experience with App Service deployment slots and blue/green releases. - Experience with Argo CD or GitOps concepts. - Experience working with Palo Alto or similar enterprise network controls. - Experience with backups, restore testing, and disaster recovery planning. Benefits - Medical, dental & vision - Critical Illness, Accident, and Hospital - 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available - Life Insurance (Voluntary Life & AD&D for the employee and dependents) - Short and long-term disability - Health Spending Account (HSA) - Transportation benefits - Employee Assistance Program - Time Off/Leave (PTO, Vacation or Sick Leave) Company Description This is a Contract position based out of Menasha, WI. The pay range for this position is $60.00 - $72.00/hr. This position is anticipated to close on Jul 13, 2026.
