COVID-19 Vaccination Information

Across UPMC, our guiding principle is to always prioritize the safety of our employees, patients, and members. UPMC believes that vaccination is important, helps protect all, and advocates that everyone who can be vaccinated should be vaccinated.

UPMC complies with all governmental requirements related to local, state, and federal COVID-19 vaccination for employment. The Jan. 13 Supreme Court of the United States decision that the Centers for Medicare & Medicaid Services federal COVID-19 vaccine mandate will move forward requires UPMC to ensure employees either get vaccinated or receive a requested medical or religious exemption.

If you are not yet vaccinated, we urge you to get a vaccine now. You can schedule your COVID-19 vaccination through UPMC or visit a non-UPMC provider or UPMC Urgent Care location.

Proof of vaccination is not required upon hire; however, employees will be responsible for ensuring post-hire compliance by getting vaccinated or requesting a medical or religious exemption.

For more information about UPMC’s response to COVID-19, please visit

Search Our Jobs

   Current UPMC employees must apply in HR Direct

Systems Engineer (Security Risk Management) - Expert

  • Job ID: 562797599
  • Status: Full-Time
  • Regular/Temporary: Regular
  • Hours:
  • Shift: Day Job
  • Facility: Corporate Information Services
  • Department: HPLAN-Security Risk Mgmt
  • Location: 600 Grant St, Pittsburgh PA 15219
  • Union Position: No
  • Salary Range: $55.02 to $89.64 / hour


UPMC is hiring an Expert Systems Engineer to join the Health Plan's Security Risk Management team! 
The Systems Engineer Expert ensures that the stakeholder security and reliability requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of the IT and application architectures including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Acts as the subject matter expert and is the primary stakeholder for defined technologies and capabilities. Responsible for discovering and evaluating new technologies and defining POCs. This position will partner with solution architects, application development and delivery teams, quality assurance, product owners and other functions, and key business stakeholders.

  • Perform security solution design reviews, assessments, and threat modeling activities for existing and new software applications and features.
  • Apply the methods, standards, frameworks, and approaches for describing, analyzing, and documenting the organization's information technology (IT) architecture (e.g., TOGAF, DoDAF, FEAF, Zachman).
  • Evaluate applications, systems, and solutions for compliance with relevant cybersecurity and industry standards (e.g., NIST SP 800-53, HITRUST, HIPAA, PCI-DSS)
  • Interactions with Others - Successfully completes projects, tasks, and initiatives by embracing a team-first approach. Works in collaboration with team and offers feedback, where appropriate, to complete individual and group efforts. Shows the ability to adjust and be flexible to change by adapting approach when necessary. Mentors less experienced staff.
  • Communication - Responsible for demonstrating appropriate, clear, concise, and effective written and oral communications in all interactions to build relationships and accomplish day to day work and projects.
  • Troubleshooting/Critical Thinking - Independently resolve issues. Mentor less experienced staff with issue resolution. Responsible for documentation of resolutions for the team.
  • Leverage security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth, least privilege, zero trust).
  • Self Development - Responsible for continuous self-study, trainings, partnering with more senior members of team, and/or seeking out opportunities to broaden scope to stay up to date with industry and organizational trends. Seeks feedback from senior team members for development and effectively incorporates feedback into work and behaviors.
  • Identify and make recommendations to mitigate cybersecurity issues and vulnerabilities that stem from connections with customers and partner organizations
  • Project Management - Plan and lead projects, including staff coordination. Collaborate with other technical teams, as appropriate, for successful completion of project. Lead through influence within an agile development lifecycle for multiple products, services and technologies, exceeding expectations for security and reliability engineering.
  • Core Technology Concepts - Responsible for understanding of complex technologies and their use. Demonstrates initiative to learn about current and future technologies.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.


  • Typically has 10+ years' experience with complex systems environments through education or practical experience.
  • Holds deep technical mastery and business knowledge across a technology domain.
  • Strategic thinking and analytical skills with demonstrated ability to combine broad technical, business, clinical and political factors.
  • Demonstrated success leading teams and collaborating with business partners.
  • Demonstrated understanding of the project management process. 
Preferred Qualifications: 
  • 10+ years of software development and/or systems engineering experience within an agile DevOps environment (e.g., C++, Java, or Python)
  • Knowledge of modern network access, identity, and access management solutions (e.g., PKI, Oauth, OpenID, SAML).
  • Experience with cloud-based architectures, solutions, and technologies (Azure, AWS, GCP, containers, microservices)
This is a remote position with workspace available in US Steel Tower (Pittsburgh, PA) if needed

Licensure, Certifications, and Clearances:

UPMC is an Equal Opportunity Employer/Disability/Veteran
UPMC has a Center for Engagement and Inclusion that is charged with executing leading-edge and next-generation diversity strategies to advance the organization’s diversity management capability and its national presence as a diversity leader. This includes having Employee Resource Groups, such as Women in Information Technology (WIT), Female Leadership Innovation and Growth in Health Care & Technology (FLIGHT), or PRIDE Health, that support the implementation of our diversity strategy.

Total Rewards

More than just competitive pay and benefits, UPMC’s Total Rewards package cares for you in all areas of life — because we believe that you’re at your best when receiving the support you need: professional, personal, financial, and more.

Our Values

At UPMC, we’re driven by shared values that guide our work and keep us accountable to one another. Our Values of Quality & Safety, Dignity & Respect, Caring & Listening, Responsibility & Integrity, Excellence & Innovation play a vital role in creating a cohesive, positive experience for our employees, patients, health plan members, and community. Ready to join us? Apply today.

   Current UPMC employees must apply in HR Direct

Security Alert

We are aware of scams targeting UPMC and other large companies that involve individuals posing as employees to illegitimately conduct interviews and extend false employment offers and payments to gain access to candidates' personal information. Please note that UPMC will not communicate with candidates through third-party email services like Gmail or Yahoo. While some interviews may take place via a video conferencing service, UPMC Talent Acquisition will not conduct interviews via Skype or Google Hangouts. UPMC will never ask for or disburse funds during the recruitment process. If you are hired into a role with a sign-on bonus or similar incentive, funds will be paid to you by UPMC after your start date.

If you suspect you have been a victim of a fraudulent UPMC job offer, please report the attempt using this form.