Boston Medical Center (BMC)
We’re providing accessible and exceptional care to make a healthier Boston.
Applications Security Analyst III – Senior
Security AnalystSecurity AnalystFull TimeRemoteTeam 5,001-10,000Since 1996H1B No SponsorCompany SiteLinkedIn
Location
United States
Posted
53 days ago
Salary
$83K - $120.5K / year
Associate Degree5 yrs expEnglishCyber SecurityService Now
Job Description
• Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage
• Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately
• Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability
• Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy
• Develop and maintain standardized access patterns Attribute Based Access Control (ABAC) /templates, privileged/elevated access controls) aligned to least privilege
• Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions
• Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve
• Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps
• Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans
• Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready” (clean entitlements, requestable roles, approvals, constraints, and edge-case handling)
• Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students)
• Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails
• Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices
• Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement.
Job Requirements
- Associates degree OR equivalent education or experience
- Epic certification(s), Security strongly preferred
- 5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility
- Strong Epic import/export, Microsoft Excel skills and experience
- Demonstrated expertise in Attribute Based Access Control (ABAC)/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment
- Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation
- Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication
- Preferred Bachelor’s degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred
- Additional Epic certifications
- Strong Data Governance knowledge and experience
- Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable)
- Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare
- Microsoft Access database experience.
Benefits
- medical
- dental
- vision
- pharmacy
- discretionary annual bonuses and merit increases
- Flexible Spending Accounts
- 403(b) savings matches
- paid time off
- career advancement opportunities
- resources to support employee and family well-being
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Security Analyst I
PCI Pharma ServicesTogether, delivering life changing therapies. Let's talk future.
Security Analyst56 days ago
Full TimeRemoteTeam 1,001-5,000Since 1971H1B Sponsor
Security Analyst providing frontline security operations support for PCI Pharma
Cyber SecurityDNSLinuxTCP/IP
Pennsylvania
Security Analyst61 days ago
Full TimeRemoteTeam 1,001-5,000H1B No Sponsor
Compliance Specialist managing SOC reporting and risk assessments at Bonterra
Access Control Specialist
US Anesthesia PartnersQuality Anesthesia Care: We're raising the bar for the industry.
Security Analyst61 days ago
Full TimeRemoteTeam 5,001-10,000Since 2012H1B No Sponsor
US Anesthesia Partners is seeking an Access Control Specialist who is responsible for managing user access across enterprise systems, ensuring compliance with internal security policies and external regulatory requirements. This role plays a critical part in safeguarding sensitiv...
Access ControlIdentity and Access ManagementMicrosoft Entra IDActive DirectoryServiceNowExcelAudit PreparationComplianceDocumentation
United States
Lead Security Analyst, Cloud & Endpoint Incident Response
HubSpotThe easy-to-use CRM to scale your business.
Security Analyst62 days ago
Full TimeRemoteTeam 1,001-5,000Since 2006H1B Sponsor
Lead Security Analyst managing AWS and endpoint incident response
AWSCloudLinuxMacOSPythonSplunk
