Take your higher calling to new heights.

Hello humankindness®

IT Cybersecurity Engineer - WebAppSec PCI

  • CommonSpirit Health
  • Englewood, Colorado, Remote

About Us

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 158 hospital-based locations, in addition to its home-based services and virtual care offerings.

Our Mission

As CommonSpirit Health, we make the healing presence of God known in our world by improving the health of the people we serve, especially those who are vulnerable, while we advance social justice for all. To learn more about a calling that defines and unites, please click here for more information about our mission, vision, and values.

The posted compensation range of $48.71 - $80.37 /hour is a reasonable estimate that extends from the lowest to the highest pay CommonSpirit in good faith believes it might pay for this particular job, based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.

Requisition ID: 2026-478009
Employment Type: Full Time
Department: Information Technology
Hours/Pay Period: 80
Weekly Schedule: Monday - Friday (8:00 AM - 5:00 PM)
Shift: Day
Remote: Yes
Category: Information Technology
Post End Date: 7/6/2026
Job Summary and Responsibilities

Job Summary

The Cybersecurity Engineer - WebAppSec position supports the Attack Surface Management (ASM) program for CommonSpirit Health. This program provides web application security services, performs technical security assessment services, maintains WebAppSec security systems and workflows, and provides engagement and reporting services on specific and systemic security vulnerability and configuration issues for the enterprise.

The Cybersecurity Engineer will report to the Manager, WebAppSec, as part of the overall Cyber Vigilance and Defence group, focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization.

The Cybersecurity Engineer performs web application security services related to PCI compliance, such as payment script monitoring, web application security scans, and activities to identify CommonSpirit systems, applications, services, and repositories available on the Internet. Assesses system and application weaknesses, misconfigurations, or other flaws in operating systems, network devices, web applications, or other technologies that could lead to security compromises, as well as gaps in current control states. Monitors the threat and vulnerability landscape and changing business requirements to identify functional, technological and/or control solutions. Develops, integrates, and maintains WebAppSec tools and platforms. Integrates all cybersecurity solutions in an optimal manner to best discover and protect the organization from cyber threats and exposures.

May drive one or more projects and act as a subject matter expert (SME) for one or more discovery or scanning methods, tools, and target environments. Develops and maintains operational security processes, and assists in the remediation of the identified issues. May act as team lead for other security personnel.

Job Responsibilities

  • Designs, develops, and implements new discovery and assessment solutions to integrate into and test within existing or newly defined architectures.
  • Provide support on team related engagements with Security Engineering, Identity Management Engineering, Security Architecture, SOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
  • Act as a security advocate for IT Operations team’s adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices.
  • Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
  • Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, attack surface discovery methodologies, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
  • Participate in the collection and documentation of departmental knowledge artifacts, and participate in the development and population of knowledge management and collaboration systems for the IT Security team.
  • Communicates security and technical information to team members and across the IT Organization.
  • Assists Management in identifying knowledge, process, and technology gaps.
  • Provide service line support for web application security for PCI compliance.  Create and manage crawling / scanning assessments and workflows, implement and manage script monitoring technologies and services, including alerting and remediation engagement (PCI DSS v4 6.4.3 and 11.6.1), in order to safeguard payment processing applications against fraud and breaches.
  • Partner with web application development groups to analyze and remediate security concerns within payment pages.
  • Provide service line support for dynamic application security testing services and remediation engagement. 
  • Perform reviews and analysis of system and application vulnerabilities and configurations, and support Security technical Risk Management processes.
  • Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic.  Lead specific engagement and remediation efforts.
  • Designs, develops, configures, and implements solutions to resolve intermediate technical and business issues related to information security.
  • Reviews and consults on security of technology solutions to resolve intermediate to high technical and business issues.
  • Provides support and works on multiple functions of intermediate to high complexity. 
  • Serves as SME for one or more web application security platforms and services.

Job Requirements

Required

  • Bachelor's Degree or 4 years of equivalent experience may be considered in lieu of Bachelor's degree.
  • 2-3 years of job-related experience required, specifically conducting application security testing or related activity across multiple target types.


Preferred

  • Bachelor's degree in a related field and 3-4 years' experience, upon hire

Where You'll Work

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

Total Rewards

Depending on the position offered, CommonSpirit Health offers a generous benefit package, including but not limited to medical, prescription drug, dental, vision plans, life insurance, paid time off (full-time benefit eligible team members may receive a minimum of 14 paid time off days, including holidays annually), tuition reimbursement, retirement plan benefit(s) including, but not limited to, 401(k), 403(b), and other defined benefits offerings, as may be amended from time to time. For more information, please visit our Total Rewards.

Unless directed by a Collective Bargaining Agreement, applications for this position will be considered on a rolling basis. CommonSpirit Health cannot anticipate the date by which a successful candidate may be identified.


CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law. For more information about your EEO rights as an applicant, please click here [PDF].

CommonSpirit Health™ will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c). External hires must pass a post-offer, pre-employment background check/drug screen. Qualified applicants with an arrest and/or conviction will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, ban the box laws, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances. If you need a reasonable accommodation for any part of the employment process, please contact us by telephone at (415) 438-5575 and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA). CommonSpirit Health™ participates in E-Verify.
