Epic Application Security Analyst

Member of a team that manages and monitors the safety of information systems assets and protects systems from intentional or inadvertent access or destruction. Has a specific focus on the Epic system. Coordinates security efforts between Epic application teams. Ensures that authorized users are able to successfully log in to Hyperspace with the appropriate security to complete their job in the system. Responds to, analyzes, and resolves information security issues, concerns, questions, incidents and events. Identifies and evaluates risks and threats. Makes resourceful, practical decisions and addresses unexpected problems. Conducts evaluations of the current information security posture and recommends approaches to strengthen it as appropriate.
Responsibilities
Plan, coordinate and lead the Epic security project.
Manage security-related coordination between Epic applications (facilitate regular meetings, develop implementation timelines and strategies relating to security).
Maintain the Epic security documentation including the Users and Security Matrix.
Create and maintain role-based security for the Epic system and manage related activities.
Make appropriate access decisions in conjunction with application coordinators/analysts and IS operations.
Create appropriate shared security classifications with suitable menus within Epic software, leading to a common look and feel across the system.
Own and manage Epic security build, testing, and user record creation processes.
Develop Epic user security support plan and train support staff.
Coordinate and implement processes for creation and updates to Epic system security across project teams.
Maintain and manage the Epic security project plan.
Provide regular security status reports to management.
Develop and implement plan for the distribution and the testing of user security and access prior to Go Live.
Perform application vulnerability assessments
Perform code review across a variety of programming languages
Perform assessments of SDLC processes
Develop testing scripts and procedures
Provide technical direction, guidance and assistance during project development and accomplish all required formal sign-offs
Investigate, resolve, and perform follow-up tasks on system security and related problems. Collaborate to seek resolution of system security issues for points of integration and communicate risk implications to team lead/project manager.
Consult with and advise vendors and technical groups concerning the continued support of application security
Assist customers with quality assurance (testing) and documentation of testing results through standard procedures and processes
Participate in hardware and software selection, modification, and implementation.
Maintain related support tools, including database and application security installation and testing programs and standards/procedures
Ensure test scenarios are adequately documented and perform testing as needed.
Provide documentation and training to transfer knowledge and operational support to the clinical analyst, revenue analyst, and BI developer teams.
Work within established guidelines, standards, methodologies and conventions for application security and documentation. Recommend changes to established guidelines, standards, methodologies and conventions as appropriate
Safeguard protected health information from any intentional or unintentional disclosure in compliance with applicable rules and regulations.
Consult with and advise vendors and technical groups concerning the continued support of reports and databases
Participate in meetings with stakeholders from physician groups, nursing, ED, OB, hospital service departments, information systems, clinic operations, management, executive leadership and reporting. Document main points, issues and key decisions.
Perform other security-related projects that may be assigned according to skills
Maintain professional growth and development through seminars, workshops, and professional affiliations.
Demonstrate positive interpersonal skills by effectively working with other team members to identify and resolve problems with project workflow
Skills and Knowledge
Ability to gain an in-depth understanding of the Epic data model and determine application security requirements
Ability to build extensive knowledge of Epic application security
Knowledge of standard security practices; network architecture, routing and TCP/IP protocols; UNIX and Microsoft operating systems; risk and threat assessment process and practices; general business processes and standards associated with areas of assignment
Working knowledge of ITSM and ITIL.
Strong ethics and understanding of ethics in business and information security
Understanding and familiarity with common code review methods and standards
Experience with code scanning toolsets such as Fortify and Ounce
Knowledge of OWASP tools and methodologies
Understanding of HTTP and web programming
Knowledge of common security requirements within ASP.NET applications
Knowledge of standard SDLC practices
Ability to present findings to technical staff and executives
Possess current security certifications (e.g., CISSP, CEH)
Possesses comprehensive knowledge of hospital operations, procedures/functions and the relationships between them.
Demonstrates the ability to build relationships and effectively communicate with the project team, and key clinical stakeholders, including business services, nurses and physicians. Works closely and collaboratively with other project team members including business and clinical leaders.
Participates in, and sometimes facilitates, building, planning and problem-solving discussions with project teams, clinicians, and leadership.
Ability to troubleshoot technical issues with application security, including reviewing code and database issues.
Experience with business or clinical computer systems in the areas of data/information warehousing and reporting of such data required. Solid understanding of computer systems, interfaces, software, and IT functions.
Experience organizing and running multiple projects required.
Can provide regular status updates to project lead/manager.
Strong organization, analysis and problem solving skills required, with an emphasis on attention to detail and the ability to work on multiple projects simultaneously.
Ability to perform project planning and management; conduct systems analysis of business processes; interact with customers and vendors on the phone and in person; establish and maintain excellent customer service and relationships.
Approach problems constructively by focusing on how to move the project forward.
Possesses strong interpersonal skills and effective communication skills, written and oral.
Demonstrates the ability to adapt to project changes related to scope, schedule, workflow, and system utilization.
Familiar with HIPAA, JCAHO and other regulations that impact hospitals and clinics.
Ability to adapt to a changing environment, problem solve and develop solutions. Strong documentation and communication skills.
Experience with Microsoft Office required.
Must be customer focused, results-oriented, flexible and adaptable. Ability to interact with stakeholders at all levels to communicate reporting needs and understand business requirements. Must be able to establish and maintain a high level of customer trust and confidence and have the ability to resolve conflict and manage conflicting priorities.
Ability to establish and achieve goals and maintain timelines. Ability to accurately estimate development time
Strong analytical and problem solving skills
Strong report presentation, interpersonal, verbal, written communication skills
Self-directed and able to work independently with general direction.
Flexible and adaptable
Experience
Bachelor's degree in Computer Engineering, Computer Science, or Information Systems Management or approved equivalent combination of education and experience. Three years of additional related experience may be substituted in lieu of educational requirement.
Minimum three (3) years of experience in the information technology field, preferably concentrated in information security.
Experience with and knowledge of UNIX operating systems desired and Microsoft operating systems required; risk and threat assessment process and practices; project planning and management; business continuity planning, documentation and evaluation
Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, SAINT)
Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
Experience with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
Experience with Epic application security a plus
