Information Security Architect/Engineer

Schedule:

Monday- Friday (40 hrs/wk)

8:00 AM - 5:00 PM

Department: Information Security- 206

Primary Purpose:

The Security Architect provides enterprise leadership for ARUP's security architecture across both IT and The Security Architect provides enterprise leadership for ARUP's security architecture across both IT and laboratory instrument environments-designing and continually enhancing secure-by-default patterns, guardrails, and systems that protect ARUP's information assets and laboratory workflows. The role collaborates closely with system, application, data, and infrastructure owners to architect, design, and implement pragmatic security solutions; defines and documents standards in Security Requirement Guides (SRGs) and Security Technical Implementation Guides (STIGs); and delivers authoritative guidance for operating system hardening, patching, and technical control selection grounded in NIST publications. This position performs security audits and risk assessments, identifies and curates cloud and infrastructure frameworks (e.g., CSA CCM, CIS, NIST, SRG/STIG) for ARUP use, reviews on‑prem and cloud configurations for compliance with NIST, and ensures proposed IT solutions align with ARUP security policies, SRGs, and applicable regulatory requirements. In all work, the Security Architect serves as the primary advisor on security design patterns and risk‑mitigation strategies that balance safety, compliance, usability, and operational efficiency.

About ARUP:

ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology. Based in Salt Lake City, Utah.

ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to have involvement with the advances in medicine and the role laboratory services plays within each patient's life. We never forget that there is a patient behind every specimen we receive.

We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.

Essential Functions:

Lead the design, and enhancement of security architecture and security systems in IT and laboratory instrument systems.

Collaborate with systems, application, and data owner and infrastructure teams to architect, design, and implement security solutions.

Define and document security standards in SRGs and STIGs.

Provide operating system hardening and system patching guidance based on STIGs and NIST publication.

Perform security audits and security risk assessments.

Identify security frameworks for cloud and infrastructure security.

Review system and cloud (AWS, AZURE) configurations for compliance with NIST and enterprise-level security policies.

Expert-level experience architecting, designing, implementing, and maintaining highly available, scalable, and secure AI solutions in the cloud and on-premise.

Support enterprise stakeholders by ensuring alignment of proposed IT solutions with established security policies, SRGs, and regulatory requirements.

Provide authoritative guidance on security architecture, including recommendations on controls, design patterns, and risk mitigation strategies.

Lead threat modeling exercises to proactively identify vulnerabilities and design mitigations.

Champion secure Software Development Life Cycle (SDLC) practices across all development initiatives.

Assess vendor and product risks to ensure compliance with ARUP's security requirements.

Enforce Architecture Governance to maintain consistency and compliance across enterprise systems.

Physical and Other Requirements:

Stooping: Bending body downward and forward by bending spine at the waist.

Reaching: Extending hand(s) and arm(s) in any direction.

Mobility: The person in this position needs to occasionally move between work sites and inside the office to access file cabinets, office machinery, etc.

Communication: The person in this position will work in a highly collaborative environment which requires frequent, clear, and professional communication with others.

PPE: Biohazard laboratory environment that requires use of personal protective equipment in accordance with CDC and OSHA regulations and company policies.

ARUP Policies and Procedures: To conduct self in compliance with all ARUP Policies and Procedures.

Sedentary Work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.

Fine Motor Control: Picking, pinching, typing or otherwise working on computer equipment.

Vision: Having close, far, and peripheral visual acuity to perform a variety of tasks such as making general observations of depth and distance.