Research Data Security Engineer III

Philadelphia, PA, US, 19146

Job Type: 

Req ID: 25974

Shift: Days

Employment Status: AF - Active - Regular - Full Time 

Job Summary

The Department of Biomedical and Health Informatics (DBHi) is seeking an experienced Research Data Security Engineer III who will be able to work closely with DevOps, Infrastructure, and Application Development teams to focus on security. An individual who has practical knowledge of hybrid cloud environments and their intricacies, as well as production deployment experience will be a welcome member of the Scientific Computing team.

The Research Data Security Engineer III in the Department of Biomedical and Health Informatics develops and implements innovative security solutions to the challenging problems in the collection, management, analysis and interpretation of biomedical, genomic and clinical data. This role will work on a small team focused on security controls to support the goals of a curated enterprise research data sharing and storage program called Arcus. The role requires a high level of collaboration and teamwork.

We are looking for a highly creative person who shares our mission to advance child health and who will thrive in a continuous learning environment, acquiring and applying both new technical skills and biomedical domain knowledge. Specifically, the Research Security Engineer III will:

  • Design and implement Identity and Access Management roles and policies.
  • Maintain an advanced understanding of networking and asset isolation.
  • Apply Data Loss Prevention techniques to sensitive datasets.
  • Use their experience in asset/threat/vulnerability discovery, management, and remediation.
  • Bake security into all layers of the software development lifecycle.
  • Innovate solutions that have a high impact on data-intensive clinical and translational research.
  • Design, test, and maintain these solutions as part of the Arcus data platform.
  • Mentor staff and educate others in security practices.

Job Responsibilities

A Research Data Security Engineer III is a senior contributor with responsibilities similar to those of the Research Data Security Engineer II, but with a greater degree of complexity. A Research Data Security Engineer III may be involved in some leadership activities. A Research Data Security Engineer III also:

  • Defines and documents information security principles and processes to assist enterprise solution architects in security decisions for the enterprise, including access control, security information and event monitoring, and data loss prevention, perimeter (e.g., firewalls, IPS, web filtering) and network security (host-based firewalls, anti-virus, disk encryption).
  • Develops, builds, and tests deployment strategies for information security solutions for application development as part of the organization's System Development Life Cycle (SDLC) methodologies.
  • Defines and documents system security and compliance requirements in support of approved PMO projects and existing operational activities; traces all system security and compliance requirements and validates that they are addressed, including validation of the final detailed security design specifications to support PMO life cycle activities.
  • Independently performs analysis and fulfills requests for eDiscovery and forensics investigations by collecting evidence and maintaining chain of custody of records.
  • Participates as a member of the Hospital CERT team and performs various security information and event management procedures to support security investigations.
  • Participates in related InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates IS Hospital management on security issues (e.g., PCI, Identity and Access Management (IAM), Role Based Access Control (RBAC) models).
  • Reviews periodic risk analysis and risk assessment activities in support of regulatory requirements (e.g., HIPAA Security & Privacy Rules, PCI DSS, and Joint Commission) utilizing established Governance Risk Compliance (GRC) technology or customized solutions.
  • Facilitates analysis of information security issues and recommends solutions for remediation.
  • Meets with clinical and business units to determine specific security requirements for application development and validates that requirements, documentation, design, and build are complete and accurate for application level development projects.
  • Supports CHOP IS capital budget planning process.

Required Education and Experience

  • Bachelor’s degree in Computer Science, Information Systems, or related field required.
  • 5–12 years of related work experience; 4+ years of experience with information security, regulatory compliance and risk management concepts.
  • 3 years of security architecture/engineering experience required.
  • Comprehensive understanding of InfoSec risk management concepts and security engineering principles and practices (e.g., COBIT or NIST).
  • Demonstrates a basic knowledge and understanding of information security principles, System Development Life Cycle (SDLC), general and IT controls, security engineering principles, and related information security policies and procedures.
  • Exhibits knowledge of industry regulatory standards and accreditation requirements (HIPAA, PCI, and Joint Commission).

Preferred Education, Experience & Cert/Lic

Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC) or other industry related certification.

  • Kubernetes, AWS and/or GCP experience preferred
  • Working knowledge of HIPAA and the domain of Biomedical Research
  • ElasticSearch and Jenkins experience preferred
  • Experience with an IDM provider such as Auth0, Ping, or Okta
  • Experience with a Cloud Access Security Broker (CASB)

Additional Technical Requirements

1. Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR application access controls.
2. Good knowledge of basic database query techniques & data mining to analyze data (e.g., Excel, SQL, Quickbase, Business Objects) or other related database functionality.
3. Knowledge of MS Active Directory, UNIX, and Clinical Applications a plus.
4. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus (PeopleSoft, SAP).
5. Understands different firewall architectures (packet filter, application firewalls, application proxy, and VPN) and brands (Checkpoint, Cisco).
6. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security.
7. Some knowledge of security applications such as intrusion detection systems and forensics packages (EnCase), ArcSight, and Foundstone.
8. Understands differences in perimeter and DMZ architectures and has experience with industry standards for system architectures, including various UNIX and Microsoft Windows server and desktop platforms.
9. Has experience with application layer formats, usage and characteristics (HTTP, FTP, SSH, DNS, SMTP). Has knowledge of system architecture and design.
10. Microsoft, UNIX, Lawson, and Clinical Applications (e.g., Epic).
11. Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
12. Experience with risk management frameworks.

Information Security Requirements

1. Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
2. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information.
3. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.

All CHOP employees who work in a patient building or who provide patient care are required to receive an annual influenza vaccine unless they are granted a medical or religious exemption.

Children's Hospital of Philadelphia is committed to providing a safe and healthy environment for its patients, family members, visitors and employees. In an effort to achieve this goal, employment at Children's Hospital of Philadelphia, other than for positions with regularly scheduled hours in New Jersey, is contingent upon an attestation that the job applicant does not use tobacco products or nicotine in any form and a negative nicotine screen (the latter occurs after a job offer).

Children's Hospital of Philadelphia is an equal opportunity employer. We do not discriminate on the basis of race, color, gender, gender identity, sexual orientation, age, religion, national or ethnic origin, disability or protected veteran status.

VEVRAA Federal Contractor/Seeking priority referrals for protected veterans.  Please contact our hiring official with any referrals or questions.

CHOP Careers Contact 

Talent Acquisition

2716 South Street, 6th Floor

Philadelphia, PA 19146 

Phone: 866-820-9288