Job Closed

This listing is no longer active.

Beyond Finance

Beyond Finance is a technology and financial services company that is on a mission to help its clients “move beyond debt.” As an employer, the company is known for its fast-pac

Senior Application Security Engineer

Location

United States

Posted

84 days ago

Salary

$140K - $170K / year

Seniority

Senior

Job Description

  • Lead and evolve the company’s application security strategy, roadmap, and day-to-day operations.
  • Serve as the primary AppSec partner for numerous dev teams working on Ruby on Rails web apps, React Native mobile apps, and various other projects including Python and Go.
  • Provide security guidance during design, development, and code review for new features and projects.
  • Drive adoption of secure coding practices and threat-modeling across engineering teams.
  • Manage and optimize existing AppSec tooling.
  • Improve automation and integration of security tools into CI/CD pipelines.
  • Build and maintain secure development standards, playbooks, and training materials.
  • Work with DevOps to ensure secure AWS infrastructure deployments and configurations.
  • Lead or support investigation and remediation of application-level vulnerabilities.
  • Monitor, prioritize, and track findings from SAST/DAST/ASM tools.

Job Requirements

  • 3–7+ years of experience in Application Security, Product Security, or related engineering roles.
  • Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC.
  • Experience working with cloud-native applications, ideally in AWS.
  • Understanding of SSL certificates & cryptographic key management.
  • Hands-on experience with SAST, DAST, WAFs, and/or mobile application security tools.
  • Ability to partner effectively with developers and influence secure design decisions.
  • Familiarity with GitHub-based workflows and CI/CD pipelines.

Benefits

  • Considerable employer contributions for health, dental, and vision programs
  • Generous PTO, paid holidays, and paid parental leave
  • 401(k) matching program
  • Merit advancement opportunities
  • Career development & training
