How to Apply
A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.
The Information Assurance: Michigan Medicine (IA:MM) team was established to protect systems, data, and identities that Michigan Medicine relies upon. The team educates and prepares staff and students for increasing cyber threats, and proactively mitigates IT security risks in partnership with the greater U-M community. The IA:MM team enables teaching, learning, research, and healthcare in a large, open environment by helping to balance risks and threats. IA:MM collaborates and coordinates with university efforts and participates in the development of university-wide security, compliance, and privacy strategies and strives to implement best practice cybersecurity efforts.
The University of Michigan's Information Assurance: Michigan Medicine Team (IA:MM) is seeking a candidate to fulfill the role of Software Security Analyst Intermediate. This role will support identifying defects and appropriate risk reduction countermeasures in software that is produced or utilized at Michigan Medicine to ensure the confidentiality, integrity, and availability of the data, systems, and identities of our workforce, students, and patients. This role will also be responsible for partnering with stakeholders to deliver secure technical solutions.
We are a team that focuses on how we can together help protect Michigan Medicine: its patients, students, workforce, data, systems, and identities from cybersecurity threats. We champion our staff, their backgrounds, interests, and abilities with opportunities for training and career growth in an increasingly critical field. In addition to the benefits of working at one of the best learning and research institutions in the world, we also promote the development of our talented staff’s cybersecurity career within an equitable balance of work and home priorities. This position is being made available with the ability for you to negotiate alternative work schedules and remote/on-site options to suit your work-life balance. Non-Michigan residents should inquire about potential employment while working remotely in a state other than Michigan.
Our Division’s Mission
We serve as a trusted partner and provide a best-in-class security program to uphold and protect the mission of Michigan Medicine.
Our Division’s Vision
We believe in cultivating a shared responsibility of security to enhance how we provide care, deliver education and create innovation to protect the quality of healthcare.
Our Division’s Principles
- Prioritize your self-care, family-care, team-care, then the work.
- Implement balanced assurance solutions.
- Strengthen our department’s capabilities.
- Develop an assurance-minded workforce.
- Focus on practical information assurance.
Michigan Medicine improves the health of patients, populations and communities through excellence in education, patient care, community service, research and technology development, and through leadership activities in Michigan, nationally and internationally. Our mission is guided by our Strategic Principles and has three critical components: patient care, education and research, which together enhance our contribution to society.
Software Design/Architecture/Implementation (50%)
- Ascertain, monitor, and improve the security of software produced by Michigan Medicine
- Perform software/application security testing
- Engage in the software development processes of development groups at multiple touch points to ensure that software security is adequately addressed
- Support compliance with the official UM Software Security Standards
- Translate software security metrics into actionable intelligence for management/leadership
Software Development Support (15%)
- Raise the security competency of the Michigan Medicine software development community
- Select or provide secure software development training for developers
- Select software development tools that will support secure programming practices
- Support software development tools that allow data collection and reporting at an enterprise level
- Provide mentorship to software developers in secure development practices
- Assist in establishing required developer competency levels and a means for testing and monitoring required competencies
- Promote cross-development group collaboration and information sharing about secure software development practices
- Conduct software development maturity evaluations for entire development groups using either internal or external resources
- Maintain an inventory of software development groups, developers, and the software they develop
Third-Party Application Security (15%)
- Ensure that software obtained from outside sources is securely designed and implemented
- Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing
- Develop sound relationships with internal and external customers by providing accurate and effective support
- Serve as a concierge to locate suitable external security resources
- Bachelor’s degree in computer science, information assurance/security, a related field and/or equivalent combination of education, certification and experience.
- 3 years’ systems analysis/programming activities in a business environment.
- Familiarity with authentication/authorization methods, including multi-factor authentication
- Familiarity with security concepts such as least privilege, RBAC, cryptographic hashes, encryption, threat modeling concepts, secure coding guidelines, and logging.
- Familiarity with software testing concepts and principles, including input validation testing, fuzzing, static/dynamic analysis, black box/white-box testing, unit tests, integration testing, code coverage, boundary condition testing, and race condition testing
- Working knowledge of virtualization/container technologies
- Familiarity with a variety of languages, frameworks, and web/application servers, and operating systems/platforms.
- Certifications such as CISSP, GIAC-GSEC, GSSP-.NET, GSSP-Java, GWEB, or GWAPT
- Experience with DevOps
- Experience with systems analysis/programming activities in a business environment.
- Ability to reverse engineer system design from source code
- Experience in applying principles and design patterns of secure software architecture.
- Familiarity with application exploit principles and techniques
- Familiarity with disassemblers and debuggers
- Familiarity with software/application patching, change control, and change management
- Familiarity or experience with conducting code reviews and web application penetration testing.
We offer a benefits package that includes comprehensive training and career development opportunities, generous retirement savings plans, ample paid time off, and a wealth of family care support: careers.umich.edu/benefits/
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third-party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Reporting Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO/AA Statement
The University of Michigan is an equal opportunity/affirmative action employer.