COVID-19 Vaccination Information

Across UPMC, our guiding principle is to always prioritize the safety of our employees, patients, and members. UPMC believes that vaccination is important, helps protect all, and advocates that everyone who can be vaccinated should be vaccinated.

UPMC complies with all governmental requirements related to local, state, and federal COVID-19 vaccination for employment. The Jan. 13 Supreme Court of the United States decision that the Centers for Medicare & Medicaid Services federal COVID-19 vaccine mandate will move forward requires UPMC to ensure employees either get vaccinated or receive a requested medical or religious exemption.

If you are not yet vaccinated, we urge you to get a vaccine now. You can schedule your COVID-19 vaccination through UPMC or visit a non-UPMC provider or UPMC Urgent Care location.

Proof of vaccination is not required upon hire; however, employees will be responsible for ensuring post-hire compliance by getting vaccinated or requesting a medical or religious exemption.

For more information about UPMC’s response to COVID-19, please visit

Search Our Jobs

   Current UPMC employees must apply in HR Direct

Information Security Analyst - Senior (Vulnerability Management)

  • Job ID: 397837732
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: System Security IT
  • Location: 3600 Forbes Ave, Pittsburgh PA 15213
  • Union Position: No
  • Salary Range: $40.06 to $65.02 / hour



UPMC is actively hiring for a Senior Information Security Analyst role within the Vulnerability Management team. The Vulnerability Management team is responsible for identifying and communicating security vulnerabilities on-premise and in the cloud for UPMC digital assets and applications across UPMC’s domestic and international locations.  

The Information Security Analyst - Senior supports the Information Security Group's efforts to develop secure systems and networks through the identification, implementation, and operation of security tools and the development and execution of security processes and standards.

  • Participate as key member of the organization's incident responses team
  • Work with junior members of the team to assist in the development of their skill sets
  • Participate in education and awareness activities within the organization

If you are someone who has a passion for information security and is excited to work within a close-knit team of highly knowledgeable individuals, then we encourage you to apply today! 


  • Perform comprehensive vulnerability assessments and continuous monitoring across the organization.
  • Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
  • Work with various different business units to perform vulnerability assessments on systems or applications.
  • Examine systems and applications to assess the current security posture.
  • Work with 3rd parties to conduct required security assessments, tests etc.
  • Assists in the planning and execution of Red-Team exercises
  • Participate as key member of the organization's incident responses team
  • Work with junior members of the team to assist in the development of their skill sets
  • Participate in education and awareness activities within the organization
  • Manage vulnerability related tickets to ensure issues are remediated within proper timelines.
  • Participates in an On-Call Team rotation.



  • Typically has a 4-year academic degree and 5+ years of information security or equivalent practical work experience.

  • Demonstrates and applies thorough understanding of information technology tools, best practices, and concepts.

  • Completes on-going training on-the-job, through courses, self-study, certifications and/or advanced degrees to maintain and enhance technical and business capabilities.

  • Maintains current knowledge of security techniques and technologies and applies that knowledge to mitigate risk. Participates in an On-Call Team rotation.

Licensure, Certifications, and Clearances:
CompTIA Network+, Security+ and CISSP certifications are preferred

UPMC is an Equal Opportunity Employer/Disability/Veteran

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct

Security Alert

We are aware of scams targeting UPMC and other large companies that involve individuals posing as employees to illegitimately conduct interviews and extend false employment offers and payments to gain access to candidates' personal information. Please note that UPMC will not communicate with candidates through third-party email services like Gmail or Yahoo. While some interviews may take place via a video conferencing service, UPMC Talent Acquisition will not conduct interviews via Skype or Google Hangouts. UPMC will never ask for or disburse funds during the recruitment process. If you are hired into a role with a sign-on bonus or similar incentive, funds will be paid to you by UPMC after your start date.

If you suspect you have been a victim of a fraudulent UPMC job offer, please report the attempt using this form.