Description
Responsibilities:
-
Perform security solution design reviews, assessments, and threat modeling activities for existing and new software applications and features.
-
Apply the methods, standards, frameworks, and approaches for describing, analyzing, and documenting the organization's information technology (IT) architecture (e.g., TOGAF, DoDAF, FEAF, Zachman).
-
Evaluate applications, systems, and solutions for compliance with relevant cybersecurity and industry standards (e.g., NIST SP 800-53, HITRUST, HIPAA, PCI-DSS)
-
Interactions with Others - Successfully completes projects, tasks, and initiatives by embracing a team-first approach. Works in collaboration with team and offers feedback, where appropriate, to complete individual and group efforts. Shows the ability to adjust and be flexible to change by adapting approach when necessary. Mentors less experienced staff.
-
Communication - Responsible for demonstrating appropriate, clear, concise, and effective written and oral communications in all interactions to build relationships and accomplish day to day work and projects.
-
Troubleshooting/Critical Thinking - Independently resolve issues. Mentor less experienced staff with issue resolution. Responsible for documentation of resolutions for the team.
-
Leverage security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth, least privilege, zero trust).
-
Self Development - Responsible for continuous self-study, trainings, partnering with more senior members of team, and/or seeking out opportunities to broaden scope to stay up to date with industry and organizational trends. Seeks feedback from senior team members for development and effectively incorporates feedback into work and behaviors.
-
Identify and make recommendations to mitigate cybersecurity issues and vulnerabilities that stem from connections with customers and partner organizations
-
Project Management - Plan and lead projects, including staff coordination. Collaborate with other technical teams, as appropriate, for successful completion of project. Lead through influence within an agile development lifecycle for multiple products, services and technologies, exceeding expectations for security and reliability engineering.
-
Core Technology Concepts - Responsible for understanding of complex technologies and their use. Demonstrates initiative to learn about current and future technologies.
-
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Qualifications
-
Typically has 10+ years' experience with complex systems environments through education or practical experience.
-
Holds deep technical mastery and business knowledge across a technology domain.
-
Strategic thinking and analytical skills with demonstrated ability to combine broad technical, business, clinical and political factors.
-
Demonstrated success leading teams and collaborating with business partners.
-
Demonstrated understanding of the project management process.
-
10+ years of software development and/or systems engineering experience within an agile DevOps environment (e.g., C++, Java, or Python)
-
Knowledge of modern network access, identity, and access management solutions (e.g., PKI, Oauth, OpenID, SAML).
-
Experience with cloud-based architectures, solutions, and technologies (Azure, AWS, GCP, containers, microservices)
Licensure, Certifications, and Clearances:
UPMC is an Equal Opportunity Employer/Disability/Veteran
Total Rewards
More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.
Our Values
At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.