• Design and build application security tooling and guardrails that integrate directly into modern development workflows, including environments that heavily leverage AI-assisted and agentic coding • Partner with Engineering and Infrastructure teams to review application architectures, develop threat models and build in secure by default patterns throughout the software development lifecycle • Identify, prioritise and remediate application security vulnerabilities, working directly with engineers and contributing to fixes where required, across the entire stack. • Ship new security features which directly improve the security posture of our products in production • Design and implement supply chain security controls across build and deployment pipelines, including artefact signing, provenance, dynamic admission controls and SBOM generation

• Perform application security assessments for web and API applications • Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines • Conduct threat modeling and security design reviews • Execute vulnerability scans using tools like Tenable • Analyze results from SAST, DAST, and manual testing • Document findings including severity, exploitability, reproduction steps, and remediation guidance • Integrate and maintain SAST/DAST tools within CI/CD pipelines • Perform vulnerability validation, PoC development, and false-positive analysis • Apply risk-based prioritization and track remediation to closure • Provide L2/L3 support, incident investigation, and root cause analysis (RCA) • Maintain AppSec documentation, audit evidence, and compliance reports • Track and report vulnerability metrics, scan coverage, and remediation status

• Elevate developer productivity by abstracting common patterns and creating tools that make building delightful. • Design, develop, and optimize our platform to be secure, reliable, and effortlessly scalable. • Diagnose and resolve bottlenecks across the stack to ensure smooth, high-performance systems. • Champion security and reliability, ensuring sensitive data stays protected at all times. • Continuously improve resilience and efficiency, especially under rapid product growth. • Collaborate cross-functionally to design and implement best practices that benefit all teams. • Own projects end-to-end — from ideation to deployment — driving quality, speed, and impact. • Enhance and expand our platform services, enabling the next generation of Assured products.

UC Health is hiring a Full Time IT Application Analyst Analyst- It Application: Seeking a detail-oriented IT Application Analyst to support our Financial Systems team, with a focus on security access management and application support. This role plays a key part in ensuring secure, compliant, and efficient access to critical business systems. About UC Health UC Health is an integrated academic health system serving Greater Cincinnati and Northern Kentucky. In partnership with the University of Cincinnati, UC Health combines clinical expertise and compassion with research and teaching—a combination that provides patients with options for even the most complex situations. Members of UC Health include: UC Medical Center, West Chester Hospital, University of Cincinnati Physicians and UC Health Ambulatory Services (with more than 900 board-certified clinicians and surgeons), Lindner Center of HOPE and several specialized institutes including: UC Gardner Neuroscience Institute and the University of Cincinnati Cancer Center. Many UC Health locations have received national recognition for outstanding quality and patient satisfaction. Learn more at uchealth.com.