A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.
The University of Michigan's Information Assurance: Michigan Medicine Team (IA:MM) is seeking a candidate to fulfill the role of Software Security Analyst Intermediate. This role will support identifying defects and appropriate risk reduction countermeasures in software that is produced or utilized at Michigan Medicine to ensure the confidentiality, integrity, and availability of the data, systems, and identities of our workforce, students, and patients. This role will also be responsible for partnering with stakeholders to deliver secure technical solutions.
Ascertain, monitor, and improve the security of software produced by Michigan Medicine
Perform software/application security testing
Engage in the software development processes of development groups at multiple touch points to ensure that software security is adequately addressed
Support compliance with the official UM Software Security Standards
Translate software security metrics into actionable intelligence for management/leadership
Software Development Support
Raise the security competency of the Michigan Medicine software development community
Select or provide secure software development training for developers
Select software development tools that will support secure programming practices
Support software development tools that allow data collection and reporting at an enterprise level
Provide mentorship to software developers in secure development practice
Assist in establishing required developer competency levels and a means for testing and monitoring required competencies
Promote cross-development group collaboration and information sharing about secure software development practices
Conduct software development maturity evaluations for entire development groups using either internal or external resources
Maintain an inventory of software development groups, developers, and the software they develop
Third-Party Application Security
Ensure that software obtained from outside sources is securely designed and implemented
Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing
Develop sound relationships with internal and external customers by providing accurate and effective support
Serve as a concierge to locate suitable external security resources
Bachelor’s degree in computer science, information assurance/security, a related field and/or equivalent combination of education, certification and experience
3 years systems analysis/programming activities in a business environment
Familiarity with authentication/authorization methods, including multi-factor authentication
Familiarity with security concepts such as least privilege, RBAC, cryptographic hashes, encryption, threat modeling concepts, secure coding guidelines, and logging
Familiarity with software testing concepts and principles, including input validation testing, fuzzing, static/dynamic analysis, black box/white-box testing, unit tests, integration testing, code coverage, boundary condition testing, and race condition testing
Working knowledge of virtualization/container technologies
Familiarity with a variety of languages, frameworks, and web/application servers, and operating systems/platforms
Certifications such as CISSP, GIAC-GSEC, GSSP-.NET, GSSP-Java, GWEB, or GWAPT
Experience with DevOps
Experience with systems analysis/programming activities in a business environment
Ability to reverse engineer system design from source code
Experience in applying principles and design patterns of secure software architecture
Familiarity with application exploit principles and techniques
Familiarity with disassemblers and debuggers
Familiarity with software/application patching, change control, and change management
Experience with conducting code reviews and web application penetration testing
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally. Our mission is guided by our Strategic Principles and has three critical components: patient care, education and research, which together enhance our contribution to society.
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
The University of Michigan is an equal opportunity/affirmative action employer.
Internal Number: 196424
About University of Michigan - Ann Arbor
A great university is made so by its faculty and staff, and Michigan is recognized as one of the best universities to work for in the country. The Michigan culture is known for engaging faculty and staff in all facets of the university to create a workplace that is vibrant and stimulating. For two consecutive years, the Chronicle of Higher Education has placed U-M in its "Great Colleges to Work For" survey. In particular, the university earns high marks for strong relations between faculty and administrators, a collaborative system of governance, strong pay and benefits, and a healthy work/life balance.