Posts in category jobs

Web Security Best Practices in Medical Informatics: OWASP Top 10

A lot of what the Medical Informatics division does for Frontiers, the KUMC CTSA program, is install, configure, maintain, support, enhance, or, in a few cases, build from scratch the systems that manage data, facilitate workflow, and enforce policy in clinical and translational research.

As our development team grows, it's increasingly important that everybody is up to speed on best practices in secure web application development.

A few months ago, I picked up a copy of The Tangled Web by Michal Zalewski because while I was a long-time participant in the development of the architecture and standards for the Web, I didn't follow a lot of the nitty gritty details as they developed. Who knew that Internet Explorer would take back-ticks (`) around attribute values in HTML? I do now, thanks to Zalewski.

I was chatting with a couple of teammates about the risks around Drupal customization, and I suggested that they should read this book too. That seemed daunting, but we agreed that a reading group around the book looked like fun.

When I got out the calendar to plan the first meeting, I looked at the first few chapters and realized that the tour of the foundations of the Web provided there would be great if we had started a couple months ago. Plus, the book is much more browser-focused, while a lot of what we do is back-end integration with databases and such.

The OWASP Top 10 Web Application Security Risks looks like a better fit where we are right now:

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards

I expect we'll follow up with The Tangled Web in due course.

Meanwhile, I notice there's an OWASP Kansas City chapter that meets Wed. Sept 12, 2012 at 6:30 PM at McCoy's Foundry in Westport. That reminds me... we have an open position for a Biomedical Informatics Software Engineer.

We are recruiting for a Research Assistant Professor in Medical Informatics

Position Summary:

This Research Assistant Professor faculty position is in the Division of Medical Informatics, Department of Biostatistics, within the School of Medicine.

The division of medical informatics seeks highly motivated individuals with a passion for software development, scientific discovery, and improving healthcare. Be part of a rapidly growing team developing informatics to further translational research (KUMC just received an NIH Clinical and Translational Science Award beginning June 2011) and serving a dynamic community (Kansas City was selected by Google as the first ultra-high-speed fiber-connected community).

Responsibilities will include developing informatics infrastructure capabilities, conducting research, and especially collaborative research. The position is expected to engage in collaborative research with other faculty from programs and departments within the School and University. The candidate will also be expected to collaborate with the State of Kansas and affiliate organizations such as the University of Kansas Hospital. The candidate may also be expected to teach courses for graduate students in biostatistics and other disciplines.

Key Roles and Responsibilities:

  • Work as an independent informatician to provide collaborative research support related to the development of informatics solutions for KUMC researchers and affiliates.
  • Possess the ability to design/develop key components of the informatics infrastructure, including terminology, data models, knowledge resources, dynamic end-user interfaces, and aggregations of data designed to support research.
  • Participate in team-based software development and system management.
  • Evaluate clinical and research information systems and interventions at KUMC and affiliate organizations.
  • Contribute to the writing of grants to support new projects and the writing of manuscripts to publish findings from ongoing project and system evaluations.
  • Teach informatics courses for graduate students in biostatistics and other disciplines.
  • Perform other duties as may be assigned by the division director or chair.

Required Qualifications:

Ph.D., M.D., or D.O. and training in biomedical informatics through advanced degree programs, fellowship training, or comparable experience in knowledge management, clinical decision support, translational informatics, and relevant informatics standards. The ability to promote effective teamwork in a rapidly changing multidisciplinary research environment. Superior interpersonal and communication skills as demonstrated by excellence in speaking, writing, and listening. Informatics research experience with clinical, public health, and medical administrative systems.

Preferred Qualifications:

The individual's expertise should draw from the broader field of biomedical informatics to complement and expand the department's capabilities. Desirable experiences and domains include:

  • Clinical information systems and clinical decision support
  • Public health informatics
  • Quantitative/qualitative informatics evaluation methods
  • Statistics, biostatistics, and quality management methods
  • Database and application development
  • HL7 data integration/system architecture
  • Ontology management (UMLS, LOINC, SNOMED, FDB, RxNORM)
  • Data warehousing; the division's HERON clinical repository utilizes i2b2 (over 500 million observations) to store information from our affiliate clinical organizations
  • Clinical research informatics; both Velos and REDCap are used for clinical research information systems
  • Knowledge discovery and statistical learning methods
  • Natural language processing
  • Laboratory/pathology information systems, especially in support of tissue management and cancer research

Feel free to contact me, rwaitman@…, to learn more, or visit the rest of this wiki to learn about our work. Or, just go ahead and apply for position M0203705: Research Assistant Professor in Medical Informatics.

We have a great opportunity for a Biomedical Informatics Software Engineer!

The division of medical informatics seeks highly motivated individuals with a passion for software development, scientific discovery, and improving healthcare. This position is responsible for developing and maintaining medical informatics applications to support Kansas University Medical Center. This includes developing and interacting with clinical systems (e.g., EPIC, Cerner), data warehouses and analytics, national terminology vocabularies (UMLS, RxNorm, LOINC, FDB), clinical research systems (e.g., VELOS), and external registries and state/national datasets.

-- Job J0084846