Salary: $115,000.00 – $125,000.00 Annually
Location: Statewide, CO
Job Type: Full Time
Job Number: EGB93511
Department: Governor’s Office of Information Technology
Opening Date: 06/04/2024
Closing Date: 6/18/2024 11:59 PM Mountain
FLSA: Determined by Position
Primary Physical Work Address: (Remote from anywhere in CO)
FLSA Status: Exempt; position is not eligible for overtime compensation.
Department Contact Information:
Type of Announcement: This announcement is not governed by the selection processes of the classified personnel system. Applications will be considered from residents and non-residents of Colorado.
How To Apply: Please submit an online application for this position at Reach out to the Department Contact to apply using a paper application, including any supplemental questions. Failure to submit a complete and timely application may result in the rejection of your application. Applicants are responsible for ensuring that application materials are received by the appropriate Human Resources office before the closing date and time listed.

Department Information

Serving People. Serving Colorado.

The work of employees at the Governor’s Office of Information Technology (OIT) is challenging and diverse because the needs of agencies, customers and Coloradans constantly evolve. But our focus never changes: improve the lives of all Coloradans through innovation and collaboration. We’re building one of the nation’s leading government IT organizations by reimagining how we support agencies, building first-of-their-kind applications, and creating an inclusive, collaborative culture, together. Join us in the important work of providing equitable access to services. We believe equity, diversity, and inclusion drive our success, and encourage candidates from all identities, backgrounds, and abilities to apply.
We know it’s important to support each other, and that means having a healthy balance of work and personal time that allows us all to have fulfilling lives. Watch this two-minute video to learn about how OIT’s mission, vision, and values inspire us to provide solutions that power the services Coloradans rely on every day.

Description of Job

IMPORTANT NOTE: Please review your application to ensure completion. For the most equitable applicant experience, OIT’s hiring team considers only the contents of your application to review your qualifications. Please do not include any attachments (such as resume or cover letter) with your application as these items are not used by OIT’s hiring team.

OIT is looking for a skilled Principal Penetration Tester to join our team and play a vital role in safeguarding Colorado State’s networks, applications, and systems. In this key position, you will perform comprehensive penetration tests using both manual and automated methods to identify security vulnerabilities. You will work closely with the Information Security Office to analyze findings, conduct root cause analyses, document results, and recommend measures to enhance security and mitigate risks. Staying current with evolving security threats and techniques, you’ll continuously refine our penetration testing methodologies.

Your key daily responsibilities will include:
- Development of a robust penetration testing program.
- Scheduling and leading agencies through penetration testing engagements from beginning to end: identifying scope, developing rules of engagement, testing, and readouts.
- Conducting manual and automated penetration tests (black-box, gray-box, white-box) across various networks, applications, and systems.
- Providing expertise in designing and implementing security controls aligned with industry standards and best practices.
- Participating in threat modeling exercises led by the Threat Intel team to identify potential attack vectors and prioritize security efforts.

Minimum Qualifications, Substitutions, Conditions of Employment & Appeal Rights

A wide salary range is posted for this position and any job offer is based upon a salary analysis to comply with the Colorado Equal Pay for Equal Work Act. The salary analysis considers relevant experience, education, certifications, and state seniority as compared to others doing substantially similar work. While most salary offers are made within the posted range, occasionally an offer is made below or above the posted range based upon this salary analysis.

This is a skills-based job announcement. The required minimum qualifications and/or education (if substituting for the proven experience, knowledge, and skills) are as follows:

Minimum Qualifications:
- 6+ years in IT Security, including a minimum of 3 years in Penetration Testing.

Substitutions:
- Additional appropriate education will substitute for the required experience on a year-for-year basis, but cannot completely substitute for these qualifications.
- Training or Certification related to the work assigned to the position will be assigned credit towards substitution for experience and/or education, but cannot completely substitute for these qualifications.
- If the minimum qualifications include a degree requirement, additional appropriate paid or unpaid experience will substitute for the required education on a year-for-year basis.

Preferred Qualifications:
- Project management experience.
- Relevant certifications, e.g., GPEN, CCPN, OSCP, GXPN.
- Secure web app design, cryptography and key material handling, authentication mechanisms (OAuth, SAML, OpenID), SDLC integration (fuzzing tests, static and dynamic code analysis).
- Proficiency with scripting languages.
Conditions of Employment:
- OIT candidates and employees must comply with any screening procedures in place at state entity locations where they might be required to perform work.
- A pre-employment background check will be conducted as part of the selection process. Positions supporting some agencies such as the Department of Corrections and the Department of Public Safety will also require a pre-employment drug test.
- This position may require travel within the specified geographic area, and to locations across the state as needed.
- This position may require on-call duties as needed by the position.

Supplemental Information

If this posting indicates “remote from anywhere in CO” in the title, periodic reporting to the primary state work location designated for the position is required. All remote work must be performed in Colorado. While candidates from out of state will be considered for this role, the candidate selected for the position must relocate and reside in Colorado on the first day of their new position. There is no form of relocation assistance, financial or otherwise, available for any position. A reasonable timeframe for relocation will be established on an individual basis, while considering business needs, and determining a start date.

Our application process and what to expect after you apply are described in the videos found here.

The State of Colorado believes that equity, diversity, and inclusion drive our success, and we encourage candidates from all identities, backgrounds, and abilities to apply. The State of Colorado is an equal opportunity employer committed to building inclusive, innovative work environments with employees who reflect our communities and enthusiastically serve them. Therefore, in all aspects of the employment process, we provide employment opportunities to all qualified applicants without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity or expression, pregnancy, medical condition related to pregnancy, creed, ancestry, national origin, marital status, genetic information, or military status (with preference given to military veterans), or any other protected status in accordance with applicable law.

The Governor’s Office of Information Technology is committed to the full inclusion of all qualified individuals. As part of this commitment, our agency will assist individuals who have a disability with any reasonable accommodation requests related to employment, including completing the application process, interviewing, completing any pre-employment testing, participating in the employee selection process, and/or to perform essential job functions where the requested accommodation does not impose an undue hardship. If you have a disability and require reasonable accommodation to ensure you have a positive experience applying or interviewing for this position, please direct your inquiries to our ADA Coordinator at or call (303) 764-7900.

This posting may be used to fill multiple vacancies based upon business need.

The Governor’s Office of Information Technology does NOT offer sponsored Visas for employment purposes.

Please note that each agency’s contact information is different; therefore, we encourage all applicants to view the full, official job announcement which includes contact information and class title. Select the job you wish to view, then click on the “Print” icon.

01 What is it about this job that led you to apply?

02 Please describe how you learned of this job opening.

03 The Governor’s Office of Information Technology (OIT) complies with Colorado’s Equal Pay for Equal Work Act. While a wide salary range is posted, specific criteria (experience, education, state seniority, etc.) will be used to determine any salary offer. While most salary offers are made within the posted range, occasionally an offer is made below or above the posted range based upon this salary analysis. It is this salary analysis, rather than any negotiation process, that determines any salary offer. Please acknowledge your understanding of this process and the posted salary range for this position.
- Yes, I understand the above statement.

04 All remote work must be performed from within the State of Colorado. If you live out of state and are selected for this position you must relocate to Colorado before commencing employment. There is no form of relocation assistance, financial or otherwise, available for any position. Do you wish to proceed with your submission?
- Yes, I understand the above statement.

05 If any of the State of Colorado positions listed in your employment history were performed as a contract employee, you MUST list the position/s, State Agency, and the name of the contracting company by whom you were paid during the contract position. If this does not apply, please type “N/A”.

06 Do you currently reside in the state of Colorado?
- Yes
- No

07 Will you now or in the future require sponsorship for employment visa status, including but not limited to H-1B or F-1 student visa status?
- Yes, I will require sponsorship for employment visa status, including but not limited to H-1B or F-1 student visa status.
- No, I will not require any type of Visa sponsorship.

08 When in your career did you perform proactive research to detect new attack vectors and critical vulnerabilities?

Required Question