We are an EEO/Veterans/Disabled employer.
SOC Analyst - Endpoint Detection & Response
Location
United States
Posted
21 days ago
Salary
0
Seniority
Mid Level
Job Description
ePATHUSA Inc
Role Description
This is a remote position. Seeking an SOC Analyst who possesses strong expertise in Endpoint Detection and Response (EDR) tools and cyber-security incident handling. The resource will be expected to provide security monitoring and response efforts for, and in coordination with, the SOC, as well as:
- Strong communication, reporting, and documentation abilities.
- Monitor, analyze, and respond to cyber-security events, alerts, and incidents affecting State of Iowa IT systems.
- Take appropriate actions to protect IT assets from potential incidents and threats.
- Document and report changes, trends, and implications related to evolving cyber-security tools, systems, and solutions.
- Follow SOC processes and assist ISD Security Engineers and OCIO support teams during alerts, events, and incidents.
- Submit new events and update existing events within the SOC ticketing system.
- Provide phone and email support to state agencies and participating partners during alerts, events, and incidents.
- Provide off-hours or ad-hoc shift support as required.
- Proven ability to collaborate effectively with partners across varying technical backgrounds.
- Capability to perform Tier 1 troubleshooting, including log collection, documentation review, and appropriate escalation.
- Maintain up-to-date knowledge on relevant cyber-security technologies and tools.
- Support Tier 1 SOC Analysts in triaging cyber-security events, alerts, and incidents.
- Follow detailed operational procedures to analyze, escalate, and support remediation of critical security incidents.
- Assist with SOC metrics, reporting, and communications.
- Support incident response activities up to the preliminary forensics stage.
- Monitor EDR tools and perform initial assessment and data gathering for alerts.
Qualifications
- Hands-on experience working with Endpoint Detection and Response (EDR) tools - Required (3 years)
- Experience responding to cyber security events and incidents - Required (3 years)
- Experience working with CrowdStrike, or comparable EDR tool - Required (3 years)
- Ability to work in high pressure, fast paced environments - Required (3 years)
Benefits
- Paid Sick Time
- Insurance for Medical, Dental, Vision and Life Available
- 401(k) including Employer Match
- HSA, Short-term & Long-term Disability Available
Company Description
We are an EEO/Veterans/Disabled employer.
More Security Analyst Jobs
Midlevel QA Security Analyst
robusta
Octopus is proud to be part of the Robusta Technology Group (RTG), a leading tech consultancy group. With a decade of experience and a successful track record of delivering over 300 projects across Europe, the Middle East, and North America, RTG has established itself as a preferred employer in the Egyptian market. Octopus and Robusta are building a bridge between Europe and Africa, creating tailored hub solutions to connect companies with top talent across the globe.
Role Description
We are seeking a QA Security Analyst to ensure the quality and security of our applications. This role combines functional testing with security testing, focusing on identifying vulnerabilities early in the development lifecycle. The ideal candidate has a strong QA background with hands-on experience in security testing and a solid understanding of common application vulnerabilities.
- Perform functional, regression, and security testing for web and/or mobile applications
- Identify and report security vulnerabilities (e.g., OWASP Top 10)
- Conduct API security testing and validation
- Execute basic to intermediate penetration testing activities
- Validate fixes for reported vulnerabilities
- Collaborate with developers to ensure secure coding practices
- Develop and maintain test cases, including security-focused scenarios
- Integrate security testing into CI/CD pipelines where applicable
- Document test results and provide clear reporting
Qualifications
- 2–5 years of experience in QA or software testing
- Strong understanding of software testing methodologies and lifecycle
- Experience with API testing tools (e.g., Postman)
- Familiarity with automation tools (e.g., Selenium, Cypress)
- Basic understanding of security testing principles
Information Security Analyst
Universities of Wisconsin
Part of the Universities of Wisconsin, the University of Wisconsin - Madison is a public research university located in Madison, Wisconsin. Also known as UW-Mad
Title: Information Security Analyst
Requisition Number: JR10010344
Remote Type: Hybrid
Location: Madison, Wisconsin
Category: Information Technology
Time Type: Full time
Job Category: Academic Staff
Employment Type: Regular
Job Profile: Info Sec Analyst III (Inst)
Job Summary: The Risk Management and Compliance (RMC) team within the Office of Cybersecurity is looking for an experienced risk analyst to address the internal security review requests from UW-Madison campus partners. This could include new tools, services, platforms or departmental risk reviews to ensure the security of UW-Madison data at all levels – Public to Restricted (ePHI). This position will work collaboratively with our campus partners, UW-Madison service providers, and third-party vendors to assess risk and present these risks to campus stakeholders. Responsibilities include evaluating current system use and data classification as entered by the system owner, collaboration with the Office of Compliance on privacy risks and presentation of overall risk with opportunities to improve security prior to utilization. Information gathered to establish the data flow and scope of these requests will be entered by campus partners in an enterprise risk review tool (OneTrust). A successful individual will have information security expertise as well as project management, business analysis, solution implementation skills, the ability to communicate to technical, non-technical staff and university leadership. This position reports to the Office of Cybersecurity and serves as a campus technical expert and authority on information security risk analysis and compliance matters. As a trusted advisor and partner with UW-Madison campus partners, UW System integration teams, project managers and system owners, this position will focus on the most efficient and impactful way to review risk of existing tools and present opportunities for improving overall security.
This position will also have specific responsibility to assist in the establishment and maintenance of an RMC project management tool to improve overall efficiency. Acquiring feedback from campus partners and liaisons is also required to make procedural adjustments to the service this team offers. The candidate selected for this position may perform a combination of on-site and remote work subject to an approved flexible work arrangement (FWA), which is reviewed and approved annually. Remote work requires successful candidates to possess their own high-speed internet and phone to perform the work on a university provided computer. Per University policy, transportation between home and assigned work location is not payable/reimbursable and will be at the expense of the employee. This position will primarily work remotely but may occasionally need to come to campus for scheduled meetings, retreats, or workshops. The Division of Information Technology (DoIT) is an exciting and dynamic work environment grounded in organizational principles that include family and personal life/work balance; an inclusive, respectful, and supportive work environment; professional development opportunities; innovation; and alignment with the campus's teaching, learning, and research missions. DoIT provides core IT infrastructure services to the university, develops and implements services for the university and in some cases, for the Universities of Wisconsin, plays a major role in managing the state-wide higher education network and regional networks. 
Key Job Responsibilities:
- Conducts vulnerability-scanning analysis, tests security controls, documents the results of risk assessments, and designs procedures to prevent future incidents
- Assists in the design, development, and implementation of security methodology and infrastructure for major systems
- Liaison with campus IT practitioners to gather needs and feedback for RMC to ensure efficiency
- Configures, develops, and tests applications and security controls
- Assist in development and documentation of an RMC project management tool to include processes and workflows
Department: Division of Information Technology, Office of Cybersecurity, Risk Management & Compliance (RMC)
The Office of Cybersecurity leads and manages university efforts to reduce risk through data protection, continuous diagnostics, cybersecurity awareness training, and effective processes and procedures to safeguard intellectual property and sensitive information. The office has four teams: Risk Management and Compliance, Cybersecurity Operations, Business Systems Security and Cybersecurity Programs, and IT Policies. The Risk Management & Compliance (RMC) team has established a formalized risk assessment program for campus. This program offers review and validation on technical, administrative, and physical controls that affect the security of a vendor or service handling UW-Madison data. RMC assessments are designed to communicate levels of risk and provide recommendations for risk reduction.
Compensation: Starting salary will be based on experience and qualifications. Well qualified applicants can anticipate earning between $97,000 - $115,000, with final salary based on experience and qualifications. Employees in this position can expect to receive benefits such as generous vacation, holidays, and sick leave; competitive insurances and savings accounts; retirement benefits.
Required Qualifications:
- Established professional experience conducting risk assessments against recognized standards (NIST, COBIT or ISO) with minimal oversight.
- Established professional experience working with security requirements within a healthcare, higher ed, or research organization.
- Working knowledge of NIST, HIPAA, or PCI Data Security standards along with virtual environment, AI and cloud computing services and demonstrate professional certification in Information Security or IT Audits.
- Experience executing project management skills including setting expectations, design review, threat modeling and risk profiling while working across a large, distributed organization that is representative of diverse IT and business communities.
- Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations.
- Experience communicating effectively to and accepting feedback from leadership, peers, technical teams and risk assessment customers (all campus levels).
Preferred Qualifications:
- Experience in assessing vendors as part of procurement and implementation stages
- Experience using standard industry applications to create or update current documents to meet compliance reporting requirements (i.e. office productivity software, project management software)
- Expertise using vulnerability management tools to analyze discovered vulnerabilities against current configurations to determine the organizational risk.
- Experience serving as both a lead and a contributing team member on projects
- Knowledge of enterprise project management tools and skills to navigate them (i.e. JIRA).
Education: Bachelor's Degree Preferred Minimum
Institutional Statement on Diversity: Diversity is a source of strength, creativity, and innovation for UW-Madison.
We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals. The University of Wisconsin-Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background - people who as students, faculty, and staff serve Wisconsin and the world. The University of Wisconsin-Madison is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to, including but not limited to, race, color, religion, sex, sexual orientation, national origin, age, pregnancy, disability, or status as a protected veteran and other bases as defined by federal regulations and UW System policies. We promote excellence by acknowledging skills and expertise from all backgrounds and encourage all qualified individuals to apply.
Epic Security Analyst
TEKsystems
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia.
Role Description
This position will lead the development, support, and functionality rollout of an Electronic Health Record (EHR) system.
- Using subject matter expertise, lead and coordinate the IT team members and collaborate with the organization in optimizing their workflow processes through building applications tailored to meet the organizations’ needs.
- Responsible for learning the EHR system’s capabilities and functional use, and applying knowledge of Healthcare Business workflows to assist in the implementation of a system that meets process needs.
Essential Responsibilities
- Lead efforts to resolve complex technical issues and system errors, especially situations that require cross-team collaboration.
- Work closely with operations to develop and coordinate team members to implement issue resolution plans.
- Lead work efforts to perform routine maintenance tasks, such as software updates, patches, and upgrades, to ensure the stability and security of the EHR system.
- Coordinate and lead testing and validation activities for system changes, enhancements, and upgrades, following pre-defined change management processes.
- Play a key role in strategic planning initiatives related to EHR systems, collaborating with leadership to align technology investments with organizational goals and objectives.
- Drive continuous improvement initiatives to enhance the functionality, usability, and interoperability of EHR systems.
- Take on project management responsibilities for EHR implementation projects, system upgrades, and other initiatives.
- Establish and enforce governance processes and procedures for EHR system management, ensuring compliance with regulatory requirements.
- Provide leadership and mentorship to junior analysts and team members, fostering a culture of collaboration and continuous improvement.
- This role will help the team’s supervisor shape the direction of the team in day-to-day work and coordinating needs for projects.
Qualifications
- 5+ years of experience in an Epic Security role
- Certification in 1 or more Epic Applications
- Multiple Epic implementation experience
- Bachelor’s degree
Requirements
- Expert Level
- This is a Contract to Hire position based out of Oklahoma City, OK.
Benefits
- The pay range for this position is $50.00 - $60.00/hr.
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
- This is a fully remote position.
Application Deadline
- This position is anticipated to close on May 6, 2026.
Threat Intelligence Analyst
spiderSilk
spiderSilk delivers tip of the spear threat detection technology for the public and private sectors, globally.
• Monitor and investigate activity across dark web forums, marketplaces, encrypted messaging platforms, and other covert channels.
• Track threat actor behavior, campaigns, and emerging TTPs (tactics, techniques, and procedures).
• Collect, tag, and analyze relevant data including leaks, malware distribution, initial access sales, and exploit trade.
• Produce high-quality intelligence reports, alerts, and briefings tailored to both technical and executive audiences.
• Work with product, research, and exposure teams to enrich findings with external data and client relevance.
• Maintain strong operational security (OPSEC) protocols during intelligence gathering and engagement.

