A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.
Information Assurance: Michigan Medicine
The Information Assurance: Michigan Medicine (IA:MM) team was established to protect systems, data, and identities that Michigan Medicine relies upon. The team educates and prepares staff and students for increasing cyber threats, and proactively mitigates IT security risks in partnership with the greater U-M community. The IA:MM team enables teaching, learning, research, and healthcare in a large, open environment by helping to balance risks and threats. IA:MM collaborates and coordinates with university efforts and participates in the development of university-wide security, compliance, and privacy strategies and strives to implement best practice cybersecurity efforts.
The University of Michigan's Information Assurance: Michigan Medicine Team (IA:MM) is seeking a candidate to fulfill the role of Software Security Analyst Intermediate. This role will support identifying defects and appropriate risk reduction countermeasures in software that is produced or utilized at Michigan Medicine to ensure the confidentiality, integrity, and availability of the data, systems, and identities of our workforce, students, and patients. This role will also be responsible for partnering with stakeholders to deliver secure technical solutions. IA:MM values positive teamwork and a work-life balance including commitments to professional growth and development.
Software Design/Architecture/Implementation (50%)
Ascertain, monitor, and improve the security of software produced by Michigan Medicine
Perform software/application security testing
Engage in the software development processes of development groups at multiple touch points to ensure that software security is adequately addressed
Support compliance with the official UM Software Security Standards
Translate software security metrics into actionable intelligence for management/leadership
Software Development Support (15%)
Raise the security competency of the Michigan Medicine software development community
Select or provide secure software development training for developers
Select software development tools that will support secure programming practices
Support software development tools that allow data collection and reporting at an enterprise level
Provide mentorship to software developers in secure development practices
Assist in establishing required developer competency levels and a means for testing and monitoring required competencies
Promote cross-development group collaboration and information sharing about secure software development practices
Conduct software development maturity evaluations for entire development groups using either internal or external resources
Maintain an inventory of software development groups, developers, and the software they develop
Third-Party Application Security (15%)
Ensure that software obtained from outside sources is securely designed and implemented
Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing
Develop sound relationships with internal and external customers by providing accurate and effective support
Serve as a concierge to locate suitable external security resources
Bachelor’s degree in computer science, computer engineering, information assurance/security, or a related field and/or equivalent combination of education, certification and experience.
3 years’ systems analysis/programming activities in a business environment.
Familiarity with authentication/authorization methods, including multifactor authentication
Familiarity with security concepts such as least privilege, RBAC, cryptographic hashes, encryption, and logging
Experience working in a production software development environment.
Experience in applying principles and design patterns of secure software architecture.
Familiarity with software/application patching
Familiarity with change control and change management
Familiarity with threat modeling concepts, such as STRIDE (Spoofing of user identity, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege)
Familiarity with secure coding guidelines, such as the OWASP Secure Coding Guidelines
Experience with conducting code reviews
Familiarity with software testing concepts and principles, including input validation testing, fuzzing, static/dynamic analysis, black box/white-box testing, unit tests, integration testing, code coverage, boundary condition testing, and race condition testing
Working knowledge of virtualization/container technologies
Familiarity with a variety of languages, frameworks, and web/application servers, and operating systems/platforms. Examples may include, but are not limited to:
Operating systems/platforms: Windows, iOS, Linux, OS X, and Android
Ability to reverse engineer system design from source code
Ability to work independently and proactively
Excellent organizational, analytical, and independent problem-solving skills
Ability to communicate effectively, both verbally and in writing
Demonstrated success coordinating and completing multiple tasks within established and changing deadlines
Ability to contribute and collaborate effectively as a lead member of a highly-functioning and productive team
Certifications such as CISSP, GIAC-GSEC, GSSP-.NET, GSSP-Java, GWEB, or GWAPT
Experience in a healthcare environment
Experience with Agile development
Experience with DevOps
5 years’ systems analysis/programming activities in a business environment.
A Master’s degree in computer science, information assurance/security, or a related field and/or equivalent combination of education, certification and experience
Active participation in the information security community
Experience in giving security-related conference presentations
Experience in conducting security training
Familiarity with application exploit principles and techniques
Familiarity with disassemblers and debuggers
Ability to reverse engineer software available only in binary form
Experience with web application penetration testing
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third-party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Reporting Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally. Our mission is guided by our Strategic Principles and has three critical components: patient care, education and research, which together enhance our contribution to society.
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
The University of Michigan is an equal opportunity/affirmative action employer.
Internal Number: 174978
About University of Michigan - Ann Arbor
A great university is made so by its faculty and staff, and Michigan is recognized as one of the best universities to work for in the country. The Michigan culture is known for engaging faculty and staff in all facets of the university to create a workplace that is vibrant and stimulating. For two consecutive years, the Chronicle of Higher Education has placed U-M in its "Great Colleges to Work For" survey. In particular, the university earns high marks for strong relations between faculty and administrators, a collaborative system of governance, strong pay and benefits, and a healthy work/life balance.